Sunday, December 17, 2006

Windows - Auto Patcher & NliteOS

Use AutoPatcher to combine a bunch of patches into a single file.
http://www.autopatcher.com/

Then use NliteOS to automate an installation of XP (or another Windows OS).
http://www.nliteos.com/index.html

Sunday, November 05, 2006

Linux - EasyUbuntu



Welcome to EasyUbuntu!

EasyUbuntu is an easy to use (duh!) script that gives the Ubuntu user the most commonly requested apps, codecs, and tweaks that are not found in the base distribution - all with a few clicks of your mouse.


powered by performancing firefox

Cisco - Prioritising ACK Traffic Simply

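! ACL 101 (defined below) selects TCP segments that have the ACK bit set
class-map match-all priack
 match access-group 101
!
!
! guarantee the class 500 kbit/s when the interface is congested
policy-map prioritize-ack
 class priack
  bandwidth 500

interface Ethernet1
 description WAN
 ip address X.X.X.X 255.255.255.252
 ip nat outside
 service-policy output prioritize-ack
 no cdp enable


! "ack" matches every segment with ACK set, so data segments of established
! connections land in this class too, not only bare ACKs
access-list 101 permit tcp any any ack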

Cisco#sh access-lists 101
Extended IP access list 101
   10 permit tcp any any ack (25521 matches)



Cisco - How to block Skype traffic

How to block Skype, June 7, 2006
Posted by ciscotips in security, Router, QOS, Access-lists.

On April 4th 2006, Cisco released IOS version 12.4(4)T. Cisco introduced
much awaited Skype classification in NBAR. So now with simple policy you
can block Skype. Skype can be blocked in a similar way as we use to block
Kazaa, LimeWire and other p2p applications.

Example:-

NBAR configuration to drop Skype packets

class-map match-any p2p
 match protocol skype

policy-map block-p2p
 class p2p
  drop

int FastEthernet0
 description PIX-facing interface
 service-policy input block-p2p

If you are unsure about the bandwidth eating applications being used in
your organisation, you can access the interface connected to the Internet
and configure the following command:

ip nbar protocol-discovery

This will enable NBAR discovery on your router.

Use the following command:

show ip nbar protocol-discovery stats bit-rate top-n 10

It will show you the top 10 bandwidth eating applications being used by the
users. Now you will be able to block/restrict traffic with an appropriate QoS
policy.

We can also use the ip nbar port-map command to look for the protocol or
protocol name, using a port number or numbers other than the well-known
Internet Assigned Numbers Authority (IANA)-assigned port numbers.

Usage as per Cisco:
ip nbar port-map protocol-name [tcp | udp] port-number

Up to 16 ports can be specified with this command. Port number values can
range from 0 to 65535.



Linux - Backing up a Unix(-like) system



Backing up a Unix(-like) system



Cisco - Configuring TCP Performance Parameters

Tips on improving TCP performance

Cisco IOS IP Application Services Configuration Guide, Release 12.4 - Configuring TCP Performance Parameters  [Cisco IOS Software Releases 12.4 Mainline] - Cisco Systems
The Transmission Control Protocol (TCP) is a protocol that specifies the format of data and acknowledgments used in data transfer. TCP is a connection-oriented protocol because participants must establish a connection before data can be transferred. By performing flow control and error correction, TCP guarantees reliable, in-sequence delivery of packets. It is considered a reliable protocol because if an IP packet is dropped or received out of order, TCP will request the correct packet until it receives it.



Microsoft Shared Computer Toolkit for Windows XP



Microsoft Shared Computer Toolkit for Windows XP
The Shared Computer Toolkit helps make it easy to set up, safeguard, and manage reliable shared computers running genuine Windows XP.



Windows XP - NSA Security Guide



Operating Systems Guides
Microsoft Windows XP Guides

NSA has developed and distributed configuration guidance for Microsoft Windows NT and Windows 2000 in the form of configuration guides. These guides are currently being used throughout the government and by numerous entities as a security baseline for their Windows systems.



Monday, May 08, 2006

PHP & SQL - Simple Optimization for PHP and MySQL


dublish.com - Simple Optimization for PHP and MySQL
Here is a list of a few very simple tips for optimizing your php/mysql applications. Keep these in mind while developing.

Cisco - Configure SSH2

Quick & dirty doc on getting SSH2 up and running on your Cisco router:

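conf t
! hostname and domain name must be set first; the RSA key pair is named after them
hostname TR-Router
ip domain-name TechRepublic.com
! prompts for the modulus size; SSH version 2 needs a key of at least 768 bits
crypto key generate rsa
! refuse SSH version 1 clients
ip ssh version 2
ip ssh logging events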


Configure SSH on your Cisco router - Security & Availability - Toolkits - ZDNet Asia

Cisco - ADSL - Recovering from Shaping

Sometimes it seems that after you have been shaped, you never get your bandwidth back ... not sure if this will fix it, but it sounds right: atm bandwidth dynamic

Cisco IOS states it "Allow dynamic bandwidth change on ATM PVCs"

Networking - Documenting Special Use IPv4 Address Blocks

Contains a list of all private & testing address space and a suggested ACL.

INTERNET-DRAFT
Documenting Special Use IPv4 Address Blocks

Cisco - ACL TCP Flags Filtering

You can actually use ACLs to match on TCP flags such as Reset (RST), Acknowledge (ACK) and so forth.



Cisco IOS IP Application Services Configuration Guide, Release 12.4 - ACL TCP Flags Filtering  [Cisco IOS Software Releases 12.4 Mainline] - Cisco Systems
ACL TCP Flags Filtering

The ACL TCP Flags Filtering feature provides a flexible mechanism for filtering on TCP flags. Before Cisco IOS Release 12.3(4)T, an incoming packet was matched as long as any TCP flag in the packet matched a flag specified in the access control entry (ACE). This behavior allows for a security loophole, because packets with all flags set could get past the access control list (ACL). The ACL TCP Flags Filtering feature allows you to select any desired combination of flags on which to filter. The ability to match on a flag set and on a flag not set gives you a greater degree of control for filtering on TCP flags, thus enhancing security.
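The difference between the two matching rules, modelled in Python as an added example (not Cisco code and not part of the original post). The `match-all`/`match-any` and `+flag`/`-flag` notation follows the IOS named-ACL syntax for this feature; the function names and sample packets are constructed for illustration.

```python
# Added illustration: how one ACE treats TCP flags under the old any-flag rule
# and under ACL TCP Flags Filtering. Not Cisco code; names are hypothetical.
from dataclasses import dataclass

TCP_FLAGS = frozenset({"fin", "syn", "rst", "psh", "ack", "urg"})


def legacy_match(ace_flags, pkt_flags):
    """Old rule as quoted above: match if ANY flag listed in the ACE is set
    in the packet, whatever other flags the packet carries."""
    return bool(set(ace_flags) & set(pkt_flags))


@dataclass(frozen=True)
class FlagFilter:
    mode: str               # "match-all" or "match-any"
    must_set: frozenset     # flags written as +flag
    must_clear: frozenset   # flags written as -flag

    def matches(self, pkt_flags):
        pkt = set(pkt_flags)
        results = [f in pkt for f in self.must_set]
        results += [f not in pkt for f in self.must_clear]
        return all(results) if self.mode == "match-all" else any(results)


def parse_flag_filter(text):
    """Parse e.g. 'match-all +ack -syn -fin -rst' into a FlagFilter."""
    mode, *terms = text.split()
    if mode not in ("match-all", "match-any"):
        raise ValueError(f"unknown mode: {mode!r}")
    if not terms:
        raise ValueError("at least one +flag or -flag is required")
    must_set, must_clear = set(), set()
    for term in terms:
        sign, name = term[0], term[1:]
        if sign not in "+-" or name not in TCP_FLAGS:
            raise ValueError(f"bad flag term: {term!r}")
        (must_set if sign == "+" else must_clear).add(name)
    if must_set & must_clear:
        raise ValueError("a flag cannot be both + and -")
    return FlagFilter(mode, frozenset(must_set), frozenset(must_clear))


# Constructed sample packets: name -> flags set in the TCP header.
SAMPLE_PACKETS = {
    "bare ACK": {"ack"},
    "data segment": {"ack", "psh"},
    "SYN": {"syn"},
    "SYN-ACK": {"syn", "ack"},
    "all six flags": set(TCP_FLAGS),
}


def compare(ace_flags, filter_text, packets=SAMPLE_PACKETS):
    """Return {packet name: (legacy verdict, flag-filter verdict)}."""
    flt = parse_flag_filter(filter_text)
    return {name: (legacy_match(ace_flags, flags), flt.matches(flags))
            for name, flags in packets.items()}


if __name__ == "__main__":
    verdicts = compare(["ack"], "match-all +ack -syn -fin -rst -urg")
    for name, (old, new) in verdicts.items():
        print(f"{name:14} legacy={old!s:5} match-all={new}")
```

The packet with every flag set passes the legacy `ack` entry but fails the `match-all` filter, which is the loophole the feature description refers to.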

Cisco - Cisco AutoSecure Data Sheet



Cisco AutoSecure Data Sheet  [Cisco Network Foundation Protection (NFP)] - Cisco Systems
By incorporating a "one touch" device lockdown process, Cisco AutoSecure enables rapid implementation of security policies and procedures to ensure secure networking services. This new Cisco IOS® Software feature simplifies the security process, thus lowering barriers to the deployment of critical security functionality.

Cisco AutoSecure performs the following functions:

1. Disables the following Global Services

  • Finger
  • PAD
  • Small Servers
  • Bootp
  • HTTP service
  • Identification Service
  • CDP
  • NTP
  • Source Routing

2. Enables the following Global Services

  • Password-encryption service
  • Tuning of scheduler interval/allocation
  • TCP synwait-time
  • TCP-keepalives-in and tcp-keepalives-out
  • SPD configuration
  • No ip unreachables for null 0

3. Disables the following services per interface

  • ICMP
  • Proxy-Arp
  • Directed Broadcast
  • Disables MOP service
  • Disables icmp unreachables
  • Disables icmp mask reply messages.

4. Provides logging for security

  • Enables sequence numbers & timestamp
  • Provides a console log
  • Sets log buffered size
  • Provides an interactive dialogue to configure the logging server ip address.

5. Secures access to the router

  • Checks for a banner and provides facility to add text to automatically configure:
  • Login and password
  • Transport input & output
  • Exec-timeout
  • Local AAA
  • SSH timeout and ssh authentication-retries to minimum number
  • Enable only SSH and SCP for access and file transfer to/from the router
  • Disables SNMP if not being used

6. Secures the Forwarding Plane

  • Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available
  • Anti-spoofing
  • Blocks all IANA reserved IP address blocks
  • Blocks private address blocks if customer desires
  • Installs a default route to NULL 0, if a default route is not being used
  • Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested
  • Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image
  • Enables NetFlow on software forwarding platforms


Cisco - ADSL - Determine Attenuation & Distance From Exchange

Use the "show dsl interface atm0/0" command on Cisco routers to get the attenuation figure for your router. The column you are interested in is the one under ATU-R, which is the 'Remote' end. The column for ATU-C is the Central Office. DS is for downstream and US is for upstream. Apparently you can divide your attenuation figure by 13.81 to get an approximate distance from the exchange. Further down, you can verify the speed of the line in both the downstream and upstream direction.

More information on this command can be found here: 1-Port ADSL WAN Interface Card  [Cisco IOS Software Releases 12.1 Special and Early Deployments] - Cisco Systems

Cisco - NAT Errors - Static entry in use, cannot remove

If you get this error "Static entry in use, cannot remove" when trying to remove a static NAT entry on a Cisco router, you need to clear the translations table first.

You should then be able to remove the static entry, but you will have to do this pretty quickly as any activity on that port (inbound or outbound) will bring the translation back up.

The easiest way to do this is to cut and then paste the four or so commands in one go:
    clear ip nat translation *
    conf t
        no ip nat inside source static tcp 192.168.1.10 6881 interface Dialer0 6881
        exit

Cisco Docs:
How to Change the Dynamic NAT Configuration  [IP Addressing Services] - Cisco Systems

Linux - Server Monitoring With munin And monit (HowtoForge)

Quick and dirty monitoring ... looks like you can have this up and running in 15 minutes or less ...


Server Monitoring With munin And monit | HowtoForge - Linux Howtos and Tutorials
Server Monitoring With munin And monit. In this article I will describe how to monitor your server with munin and monit. munin produces nifty little graphics about nearly every aspect of your server (load average, memory usage, CPU usage, MySQL throughput, eth0 traffic, etc.) without much configuration, whereas monit checks the availability of services like Apache, MySQL, Postfix and takes the appropriate action such as a restart if it finds a service is not behaving as expected. The combination of the two gives you full monitoring: graphics that lets you recognize current or upcoming problems (like "We need a bigger server soon, our load average is increasing rapidly."), and a watchdog that ensures the availability of the monitored services.

Thursday, April 06, 2006

Windows - Comparing MBSA, MU, WSUS, and SMS 2003

Good comparison of WSUS vs SMS ... basically WSUS is easy, but SMS is detailed ...

Comparing MBSA, MU, WSUS, and SMS 2003

Tuesday, March 07, 2006

Cisco - ADSL - End-to-End DSL Architectures

A sample chapter from "End-to-End DSL Architectures" that covers pretty much everything you wanted to know about DSL.

http://www.informit.com/articles/printerfriendly.asp?p=31445

Monday, March 06, 2006

Windows - Addressing and Name Resolution

A detailed explanation of addressing functions in Windows XP.

Windows XP Resource Kit: Configuring IP Addressing and Name Resolution
Addressing and Name Resolution

Monday, February 20, 2006

Cisco - Call Manager Website Errors

Getting a bunch of errors when you try to use CCM?

Cisco reports that a number of browsers have trouble (see below). I have also found that any connections through a proxy will also cause trouble. This problem with proxies goes for both your browser AND Java. To set your JVM to not use proxies, do the following: Start > Settings > Control Panel. Open Java Network Settings. Select Direct Connection and then click OK twice to exit.

Troubleshooting Cisco ICS 7750 Software
Troubleshooting Cisco CallManager

Wednesday, February 15, 2006

Windows - Verify Domain Controller Status

This tool will help you work out whether or not each server is correctly seeing the domain controllers for your domain.

A quick look at the Windows 2003 support tools
Tool Name: Domain Controller Diagnostic Tool

Filename: dcdiag.exe

Format: Command Line

Description: Analyzes and reports on the state of a domain controller

Wednesday, February 08, 2006

AD - Adding Custom Information to Active Directory

A one page article on how to add custom info to AD - including the GUI.

Extending the Active Directory Schema To Track Custom Info


Date: Feb 27, 2004 By Kurt Hudson.
You can modify the Active Directory database to track almost anything you want: ID info, social security numbers, etc. Kurt Hudson shows how to track additional information about user accounts.

RIS - RIS Installations of Windows XP Professional

Quick summary on how to do RIS installs of XP ... all in one page!

RIS Installations of Windows XP Professional
By Jason Zandri

In order to install Windows XP Professional using the Remote Installation Service, you must install the RIS on a Windows 2000 server (either Server, Advanced Server or Datacenter) using the Remote Installation Services Setup Wizard. The server can be a member server or a domain controller, it doesn't make a difference, however, what must be present on the network in order to use RIS are the following services:

DNS: RIS relies on the DNS service for locating both the directory service and client computer accounts.
DHCP: The DHCP service is required so that client computers can receive an IP address.
Active Directory: RIS relies on the Active Directory service for locating the RIS servers.

PXE - Network Boot Services

Part of Microsoft's Automated Deployment Services (ADS) - which is the successor to RIS (though it only does server based deployments).

Network Boot Services

Network Boot Services (NBS) provides startup control for devices that support the Pre-Boot eXecution Environment (PXE). NBS responds to PXE network boot requests from devices and then directs the devices to boot using the Deployment Agent, the operating system on the hard disk, or a virtual floppy disk. It can also direct devices to ignore the boot request.

ADS/RIS - Choosing Between ADS and RIS for Bare-Metal Deployments and Re-Deployments



Choosing Between ADS and RIS for Bare-Metal Deployments and Re-Deployments
Windows Server 2003 includes two deployment solutions:


ADS is a new solution delivered with Windows Server 2003 Enterprise Edition, and Windows Server 2003 Datacenter Edition, and is designed for automated, high-speed server deployment.


RIS was first delivered with Windows 2000 and has been enhanced in Windows Server 2003 to enable fully automated deployments. RIS now supports deployments to servers as well as to desktops.

Of the two solutions, only RIS supports deployment of desktops—that is, computers targeted to run a Windows client operating system, such as Windows XP. ADS is designed and optimized for deployment of servers—that is, ADS is targeted to run a Windows server operating system, such as Windows Server 2003.

Windows - Deleting Stubborn Files

Need to move files that are in use? Can't delete a file even as Admin? This util from Sysinternals allows you to schedule the movement or deletion of files at boot time.

Sysinternals Freeware - PendMoves and MoveFile
There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots, before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value
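A decoder for that registry value, added here as an example (not Sysinternals code and not from the original post). It assumes the value is a REG_MULTI_SZ of source/target string pairs as MoveFileEx records them: an empty target means delete, paths carry the `\??\` prefix, and a leading `!` on the target marks replace-existing; those details and the sample data are not spelled out on the page and are constructed for illustration.

```python
# Added illustration: decode PendingFileRenameOperations into boot-time
# operations. Format details are assumptions stated in the lead-in.
from dataclasses import dataclass

NT_PREFIX = "\\??\\"   # NT object-manager prefix placed before each path


@dataclass(frozen=True)
class PendingOp:
    action: str        # "delete" or "move"
    source: str
    target: str        # "" for a delete
    replace: bool      # True when the target carried the "!" marker


def split_multi_sz(raw):
    """Split raw REG_MULTI_SZ bytes (UTF-16LE) into strings, keeping the
    empty strings that mark deletions."""
    text = raw.decode("utf-16-le")
    for _ in range(2):   # drop the list terminator, then the last string's NUL
        if text.endswith("\0"):
            text = text[:-1]
    return text.split("\0") if text else []


def strip_nt(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(raw):
    """Return the list of PendingOp entries encoded in the raw value."""
    strings = split_multi_sz(raw)
    if len(strings) % 2:
        raise ValueError("expected source/target pairs, got an odd number of strings")
    ops = []
    for source, target in zip(strings[0::2], strings[1::2]):
        if not source:
            raise ValueError("empty source path")
        replace = target.startswith("!")
        if replace:
            target = target[1:]
        action = "move" if target else "delete"
        ops.append(PendingOp(action, strip_nt(source), strip_nt(target), replace))
    return ops


def touches(ops, directory):
    """Operations whose source or target lies under `directory`."""
    root = directory.rstrip("\\").lower() + "\\"
    return [op for op in ops
            if op.source.lower().startswith(root) or op.target.lower().startswith(root)]


def encode_multi_sz(strings):
    """Build raw REG_MULTI_SZ bytes; used only to construct the sample."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


# Constructed sample value: one delete, one move that replaces a system file.
SAMPLE = encode_multi_sz([
    r"\??\C:\Temp\setup\old.tmp", "",
    r"\??\C:\Temp\setup\new.dll", r"!\??\C:\Windows\System32\example.dll",
])

if __name__ == "__main__":
    for op in parse_pending_ops(SAMPLE):
        print(op)
    print("under C:\\Windows:", touches(parse_pending_ops(SAMPLE), r"C:\Windows"))
```

Reviewing this value before a reboot shows which files will be swapped or removed before anything else references them, which is also what PendMoves reports.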

Monday, February 06, 2006

PXE - Unattended - Open Source alternative to RIS

Unattended is an Open Source alternative to RIS. It provides a system for fully automating the installation of Windows 2000 Professional and Server, Windows XP, and Windows Server 2003.
Unattended - Open Source alternative to RIS

PXE - What is PXE?

An overview of what PXE is, how it works and why it is good. Written by 3COM:
What is PXE? (PDF)

PXE - Installing in a Microsoft only environment.

Another method for setting up PXE in a Windows only environment: In a Microsoft only environment, Linux is only necessary to build the image. If you don't want to install a Linux box to build those images you can download and use some of the pre-built images. You will need to configure a Windows TFTP server and make some necessary changes to your DHCP server.
Once this is complete you can boot your clients to a Microsoft Terminal Server logon.
PXE - Installing in a Microsoft only environment.

PXE - Bart's Network Boot Disk

Bart's Network Boot Disk might be required in order to get PXE to boot correctly.

A highly professional network boot disk for connecting to a network share on a
Windows 9x/ME/NT4/2000/XP or Linux Samba machine. Also allows you to use network applications such as SSHDOS (secure shell) or Ghost Peer-to-peer/multicast, using Packet driver interface.

Bart's Network Boot Disk

Tuesday, January 31, 2006

Missing Graphics in Microsoft Word


Missing Graphics in Microsoft Word

There's a few reasons this can occur. I've listed them from most likely to least likely.

You're not in the right view.
For best results, from the menu choose View > Print Layout.

You're not viewing graphics.
Tools > Options, View tab. Make sure Drawings is checked. Make sure Picture placeholders is not checked.

Your machine is hurting for resources.

Sometimes, restarting your PC resolves this issue. Other times, we need to clean up our hard drives.

It's a Graphics Card Thing.
This issue doesn't affect every brand and model. To fix, go to Control Panel and lower your hardware acceleration. Results may vary.

Outlook 2003 - Junk E-Mail Options - Deploying a Safe Senders List



Avoiding Performance Problems When Deploying a Safe Senders List

Sue Mosher
Outlook Tips and Techniques
InstantDoc #45976
Exchange Outlook Administrator

I'm trying to use the policy template for Microsoft Office Outlook 2003 to specify a Safe Senders list for the Junk E-mail Filter for my users. I've set up the Group Policy Object (GPO) and added the policy setting. I also created a text file that contains only one line (@hotmail.com), saved the file as safe.txt in the \\domaincontroller\netlogon folder, and used that file path in the Specify path to Safe Senders list policy. But no matter what we try, the users' Safe Senders lists don't change. How can we fix this so that we can deploy a Safe Senders list?

When I tried using a GPO to deploy a Safe Senders list, I had the same result—the users' Safe Senders list didn't change. So I tried deploying the list through the Custom Maintenance Wizard instead, following the procedure described in the Office Resource Kit article "Helping Users Avoid Junk E-Mail Messages in Outlook 2003" (http://office.microsoft.com/en-us/assistance/HA011402621033.aspx). That approach worked fine and added the desired domains and addresses to users' Safe Senders list. . . .

MDM.exe - How to turn off Machine Debug Manager in Office XP


How to turn off Machine Debug Manager in Office XP
The Machine Debug Manager, Mdm.exe, is a program that is installed with the Microsoft Script Editor to provide support for program debugging.

The Machine Debug Manager runs as a service and is loaded when your computer starts. If you do not use your computer for debugging purposes, you can safely turn off the Machine Debug Manager.

Thursday, January 26, 2006

Speed up the Disk Cleanup Tool by skipping Compressing Old Files


Speed up the Disk Cleanup Tool by skipping Compressing Old Files
You can speed up the Disk Cleanup Tool by skipping the section that calculates Compressing Old Files.
Article ID : 812248. When you try to compress old files, the Disk Cleanup tool may stop responding and you may receive the following message:
Disk Cleanup is calculating how much space you will be able to free on (C:).
This may take a few minutes to complete.
Scanning: Compress old files

Wednesday, January 18, 2006

How to solve Windows system crashes in minutes

http://www.networkworld.com/news/2005/041105-windows-crash.html?t5
A system crash: If you're lucky, it only ruins your day. More than likely, you're in for several bad days followed by a few stressful weeks or months. After all, systems rarely fail only once. Rather, they keep crashing until you find the cause and fix the problem.

How to Use Dumpchk.exe to Check a Memory Dump File



How to Use Dumpchk.exe to Check a Memory Dump File
This article describes Dumpchk.exe, which is a command-line utility that you can use to verify that a memory dump file has been created correctly. Dumpchk does not require access to symbols.

How to use memory dump to trace bug



How to use memory dump to trace bug - The Code Project - Debug tips
Catching and analyzing a memory dump file is important. This article teaches you how to use hands-on tools to catch and read memory dump files.

The hands-on tools are :-

* Dr. Watson, which is included by almost all the windows systems.
* VC6 and VC7 compiler, we need to recompile the project to generate Map files and COM files for tracing the bug.
* Dumpchk can check dump file, before you are going to send it.
* Windbg and kd can give you detailed information about the spot when exception occurred. Symbol files are always necessary for debugging dump files.

Windows: Debugging Blue Screens Of Death


Debugging Tools and Symbols: Getting Started

Debugging Tools for Windows is a set of extensible tools for debugging device drivers for the Microsoft® Windows® family of operating systems.