Friday, November 27, 2009

Using ProcDump.exe to monitor w3wp.exe for CPU spikes

Procdump is a light weight Sysinternal's command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during such spikes which an administrator or developer can use to determine the cause or to share the dump with PSS for further analysis. It also can serve as a general process dump utility that you can embed in other scripts.

It completely eliminates the need to maintain different utilities like Debug Daig 1.1 for 32 bit processes and adplus for 64 bit processes on the same server.

The Problem

Looking at task manager we can see w3wp.exe process is spiking CPU between 49%-60% intermittently and then immediately it goes down.

In order to troubleshoot we need to capture 2 sets of dump for w3wp.exe when process reaches 50% CPU and stays there for 3 consecutive seconds or so.This, using Debug Diag 1.1 or Adplus could be a tricky task as it would require great deal of accuracy to manually generate dumps when the actual CPU spike happens or we may end up taking dumps without capturing real activity responsible for the spike.

The Savior

ProcDump.exe comes in handy in such situation to speed up the course of action and help in getting the right set of data. It would monitor the target process for CPU spike within specified time limit and take snapshot at that point.

For example:

procdump -ma -c 50 -s 3 -n 2 5844(Process Name or PID)

-ma Write a dump file with all process memory. The default dump format includes thread and handle information.

-c CPU threshold at which to create a dump of the process.

-s Consecutive seconds CPU threshold must be hit before dump written (default is 10).

-n Number of dumps to write before exiting.

The above command would monitor the w3wp.exe till CPU spikes 50% for 3 seconds and it would take full dump at least for two iterations.

C:\Users\jaskis\Downloads\procdump> procdump -ma -c 50 -s 3 -n 2 5844

ProcDump v1.1 - Writes process dump files
Copyright (C) 2009 Mark Russinovich
Sysinternals - www.sysinternals.com

Process: w3wp.exe (5844)
CPU threshold: 50% of system
Duration threshold: 3s
Number of dumps: 2
Hung window check: Disabled
Exception monitor: Disabled
Dump file: C:\Users\jaskis\Downloads\procdump\w3wp.dmp

Time CPU Duration
[23:48.35] 59% 1s
[23:48.36] CPU usage below threshold.
[23:48.37] 54% 1s
[23:48.38] 55% 2s
[23:48.39] 61% 3s
Process has hit spike threshold.
Writing dump file C:\Users\jaskis\Downloads\procdump\w3wp_080309_114839PM.dmp... Dump written.

[23:48.44] 61% 1s
[23:48.45] 59% 2s
[23:48.46] 57% 3s
Process has hit spike threshold.
Writing dump file C:\Users\jaskis\Downloads\procdump\w3wp_080309_114846PM.dmp...
Dump written.

Few of other interesting switches

-64 By default Procdump will capture a 32-bit dump of a 32-bit when running on 64-bit Windows. This option overrides to 64-bit dump.

-o Overwrite an existing dump file.

Another area worth investing time would be to write a batch file and run it as window service to take dump on CPU spike even when the user logoff from the server.

Stayed tuned for more on this….

Configuring FTP 7.5 with Host Header and SSL

FTP 7.5 comes with new features like supporting Host headers (Virtual host) and SSL. For compatibility purposes, FTP clients can check whether the FTP server supports host headers by sending a FEAT command to check for supported features. An FTP server would respond with HOST being one of the extended features supported by it and from here on client can use this feature.

There are two ways of using this feature currently by the FTP clients:

1. They can send the virtual host name along with the Username while getting authenticated by the FTP server as below:

C:\>ftp ftp.me.com
Connected to ftp.me.com.
220 Microsoft FTP Service
User (ftp.me.com:(none)): ftp.me.com|
331 Password required for ftp.me.com|
Password:
230 User logged in.
ftp>

or,

2. They can send the following command to connect to a specific Virtual host name as below:

ftp> quote host ftp.me.com
220 Host accepted.
ftp> user
Username
331 Password required for .
Password:
230 User logged in.
ftp>

In this example the test is done through the default ftp.exe that comes bundled with Windows OS. Smart FTP clients can send the HOST seamlessly without the end user knowing about it.

If you are setting up your FTP site on IIS 7 over SSL using the host header there are some caveats you need to remember as discussed below.

I have an FTP site as shown below which is using a Host header and is configured to accept SSL connections.

image

Under FTP SSL Settings I have the following configuration as shown below:

image

If we try to access the FTP site using an SSL enabled FTP client it will fail as shown below:

Command: AUTH TLS
Response: 534-Local policy on server does not allow TLS secure connections.
Response: Win32 error: Access is denied.
Response: Error details: SSL certificate was not configured.
Response: 534 End
Command: AUTH SSL
Response: 534-Local policy on server does not allow TLS secure connections.
Response: Win32 error: Access is denied.
Response: Error details: SSL certificate was not configured.
Response: 534 End

*Output from Filezilla FTP client

NOTE: AUTH TLS/SSL Negotiation for Primary connection is done based on the certificate at the global level and uses the certificate installed at the site level for Data connection.

Some FTP clients like FileZilla require the same SSL certificate to be used for both the control and the data channel. If the certificates don’t match the primary connection will be established but the data transfer connection will be aborted as shown below:

Command: LIST
Response: 150 Opening BINARY mode data connection.
Error: Primary connection and data connection certificates don't match.
Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
Response: 226 Transfer complete.
Error: Failed to retrieve directory listing

*Output from Filezilla FTP client

If we have the SSL Certificate only at the global level and not at the FTP site level we will see an error again as below:

Command: PROT P
Response: 431-Failed to setup secure session.
Response: Win32 error:
Response: Error details: SSL certificate hash has invalid length.
Response: 431 End
....
....
Command: LIST
Response: 534-Protection level negotiation failed.
Response: Win32 error: Access is denied.
Response: Error details: Protection negotiation failed. PROT command with recognized parameter must precede this command.
Response: 534 End
Error: Failed to retrieve directory listing

*Output from FileZilla FTP client

So overall, we need to ensure that a valid SSL certificate is set both at the global and the individual FTP site levels. It finally depends upon the FTP client whether to expect the same certificate or different ones for primary and data connections.

Thursday, November 26, 2009

How to Set Up Your Own VMware ESXi4 Server

Preparation

Before you can start installing there are a couple of important pre-requisites; the server hardware and the ESXi4 software to install on it. For various reasons you can't just install ESXi4 on any old PC, although it is less picky than previous versions there are still some basic hardware requirements you must meet. A fundamental requirement is a 64bit CPU, if you only have 32bit available then you will have to limit yourself to the previous version 3.5, which is also free fortunately.


How to Set Up Your Own VMware ESXi4 Server


Easier Navigation Between Remote Desktop Sessions with Windows 7/2008 R2

In previous version of Windows, the remote desktop client, mstsc.exe, used to have a yellow tab on top of the screen, viewable when using the RDP connection in full screen. This tab could be fixed to the top of the screen, or minimized when needed.

So far, so good.

Now imagine this: You're using a Windows Server 2003 or Windows Server 2008, or even a Windows XP Pro machine as an RDP Gateway to other servers/computers on your network. This is a very common usage scenario for many organizations that need to enable remote administrators' access to their internal servers, but do not want to enable RDP access to the entire set of internal computers. In addition, this scenario is useful for administrators that do not have VPN or SSL VPN infrastructure that allows them to connect to any computers that they need on the internal network.

This way, these administrators only enable RDP access to one external computer, which could be a Windows Server 2003 or Windows Server 2008, or even a Windows XP Pro machine. From there, the connected administrator opens another RDP connection to internal machines, performing an RDP-in-RDP session.

Now, the nasty part is that when doing an RDP-in-RDP session, the yellow RDP bar or tab sits one on top of the other, making it hard to minimize one screen instead of the other.

For example, I have an XP Pro machine that has a VPN connection to a specific client's network. After connecting, I need to open an RDP session to a Windows Server 2008 machine at 192.168.200.150:


Easier Navigation Between Remote Desktop Sessions with Windows 7/2008 R2


Saturday, November 7, 2009

Did you know… The default Application Pool Identity in IIS 7.5 (Windows 7) changed from NetworkService to AppPoolIdentity?

In Windows 7, IIS application pool isolation was taken yet to a different level. The new change introduced in IIS7 (Windows Server 2008) was a new option to run your application pool as AppPoolIdentiy. However, the default for an application pool identity in IIS7 remained the same – NetworkService. In IIS7.5, AppPoolIdentiy becomes a default. Thus, scripts previously expecting permissions for their application pool identity to be set to “NT Service\NetworkService” will now have to set permissions (ACLs) for “IIS AppPool\” – the user account created for each new application pool.

Thus, to set permissions for the DefaultAppPool, the scripts will need to set ACLs for “IIS AppPool\DefaultAppPool”.

The incentive behind this change was to enforce the improved concept of process isolation through separate user accounts generated for each application pool identity.

To see other options that you can choose for your application pool identity, go to IIS Manager, Application Pools and right-click on the pool you want to configure, select Advanced Settings and Identity in the dialog that opens. You can choose one of the built-in accounts for your application pool identity:

image

Here is a list of built-in accounts and their corresponding usernames to use when setting permissions:

LocalService: Service
LocalSystem: System
NetworkService: Network Service
ApplicationPoolIdentity: IIS AppPool\

You can also specify an existing custom account (local or domain):

image

Monday, October 12, 2009

A Technical Case Study: Fast and Reliable Backup and Restore of Multi-Terabytes Database over the Network

Summary: Database sizes increase constantly, as do requirements for access and availability. At the same time, it is more important than ever to have a fast and reliable backup and recovery plan in place. This document discusses the challenges of designing a robust backup and restore solutions for very large databases (VLDBs). Using a real-world example, it demonstrates how to make the best use of the backup and restore features of SQL Server 2008 to help create a fast and reliable backup and restore plan for VLDBs over the network.

Backing up a 2-terabyte database onto a local hard drive and then restoring it is fast, but this simple process does not provide adequate protection against worst-case scenario. On the other hand, backing up the database over the network to another location provides protection against our worst-case scenario, but with a typical 1-gigabit-per-second (Gbps) connection, performance suffers. When we looked at this situation, as a baseline test, we backed up the 2-terabyte database over a 1-Gbps network link to another data center 10 miles away. This took more than 24 hours, which was far from acceptable. We needed to design a solution that would remove the bottleneck, enabling us to complete the backup within that time-to-restore window specified in our SLA.

Assembling all the small pieces of the backup puzzle and running endless tests, we were able to reduce the backup of the 2-terabyte database to 36 minutes. The solution, which we termed “multistreamed backups over the network”, used eight 1-Gbps network connections. Jumbo frames were configured for each network card, and each network card was then aggregated to layer 2 backup switches to one 10GE (10Gbit Ethernet) line that ran to the second site. Backup now took 2 hours and 15 minutes. Enabling SQL Server 2008 backup compression finally brought the time down to 36 minutes.

For details please refer to the whitepaper:


http://download.microsoft.com/download/d/9/4/d948f981-926e-40fa-a026-5bfcf076d9b9/Technical%20Case%20Study-Backup%20VLDB%20Over%20Network_Final.docx

Monday, October 5, 2009

How to do a clean installation of Windows Server 2008 R2.

Hi Guys here is the short document of Installation procedure.

"How to do a clean installation of Windows Server 2008 R2."

IIS Database Manager

IIS Database Manager allows you to easily manage your local and remote databases from within IIS Manager. IIS Database Manager automatically discovers databases based on the Web server or application configuration and also provides the ability to connect to any database on the network. Once connected, IIS Database Manager provides a full array of management options including managing tables, views, stored procedures and data, as well as running ad hoc queries.

IIS Database Manager provides native support for SQL Server and is also fully extensible for developers to add support for other database systems. In addition, because IIS Database Manager is an extension of IIS Manager, administrators can securely delegate the management of databases to authorized local or remote users, without having to open additional management ports on the server.

Here are a few articles to get you started on using the IIS Database Manager:

IIS Database Manager (x86)

IIS Database Manager (x64)

Sunday, October 4, 2009

Frequently asked Questions (FAQ) of Windows Server 2008 Server and Details

QUESTION. What is Windows Server 2008?
ANSWER.
Windows Server 2008 is the most advanced Windows Server operating system yet, designed to power the next generation of networks, applications, and Web services. With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, help provide a highly secure network infrastructure, and increase technological efficiency and value within your organization. Windows Server 2008 builds on the success and strengths of its Windows Server predecessors while delivering valuable new functionality and powerful improvements to the base operating system. New Web tools, virtualization technologies, security enhancements, and management utilities help save time, reduce costs, and provide a solid foundation for your information technology (IT) infrastructure. Learn more details by reading the Product Overview.

QUESTION. How can I evaluate Windows Server 2008?

ANSWER.
There are several ways for you to evaluate Windows Server 2008:
· Download an evaluation version
· Take an online test drive of Windows Server 2008 (eight 10-15 minute self-driven demonstrations)
· Try an online Virtual Lab (60-90 minute self-driven evaluations)
· View further events, webcasts, and chats

QUESTION. What editions/versions does Windows Server 2008 come in?

ANSWER.
Windows Server 2008 will be released with eight editions which include:
· Windows Server 2008 Standard
Windows Server 2008 is the most robust Windows Server operating system to date. With built-in, enhanced Web and virtualization capabilities, it is designed to increase the reliability and flexibility of your server infrastructure while helping save time and reduce costs. Powerful tools give you greater control over your servers, and streamline configuration and management tasks. Plus, enhanced security features work to harden the operating system to help protect your data and network, and provide a solid, highly dependable foundation for your business.
· Windows Server 2008 Enterprise
Windows Server 2008 Enterprise delivers an enterprise-class platform for deploying business-critical applications. It helps improve availability with clustering and hot-add processor capabilities, helps improve security with consolidated identity management features, and reduces infrastructure costs by consolidating applications with virtualization licensing rights. Windows Server 2008 Enterprise provides the foundation for a highly dynamic, scalable IT infrastructure.
· Windows Server 2008 Datacenter
Windows Server 2008 Datacenter delivers an enterprise-class platform for deploying business-critical applications and large-scale virtualization on small and large servers. It improves availability with clustering and dynamic hardware partitioning capabilities, reduces infrastructure costs by consolidating applications with unlimited virtualization licensing rights, and scales from 2 to 64 processors. Windows Server 2008 Datacenter provides a foundation on which to build enterprise-class virtualization and scale-up solutions.
· Windows Web Server 2008
Designed to be used specifically as a single-purpose Web server, Windows Web Server 2008 provides a rock-solid foundation of Web infrastructure capabilities in the next-generation Windows Server 2008. Integrated with the newly re-architected IIS 7.0, ASP.NET, and the Microsoft .NET Framework, Windows Web Server 2008 enables any organization to rapidly deploy Web pages, Web sites, Web applications, and Web services.
· Windows Server 2008 for Itanium-Based Systems
Windows Server 2008 for Itanium-Based Systems is optimized for large databases, line of business, and custom applications providing high availability and scalability with up to 64 processors to meet the needs of demanding and mission-critical solutions.
· Windows Server 2008 Standard without Hyper-V
Windows Server 2008 Standard is the most robust Windows Server operating system to date. It is designed to increase the reliability and flexibility of your server infrastructure while helping save time and reduce costs. Powerful tools give you greater control over your servers, and streamline configuration and management tasks. Plus, enhanced security features work to harden the operating system to help protect your data and network, and provide a solid, highly dependable foundation for your business. This product does not include Windows Server Hyper-V.
· Windows Server 2008 Enterprise without Hyper-v
Windows Server 2008 Enterprise delivers an enterprise-class platform for deploying business-critical applications. It improves availability with clustering and hot-add processor capabilities, improves security with consolidated identity management features, and reduces infrastructure costs by consolidating applications with virtualization licensing rights. Windows Server 2008 Enterprise provides the foundation for a highly dynamic, scalable IT infrastructure. This product does not include Windows Server Hyper-V.
· Windows Server 2008 Datacenter without Hyper-v
Windows Server 2008 Datacenter delivers an enterprise-class platform for deploying business-critical applications and large-scale virtualization on small and large servers. It improves availability with clustering and dynamic hardware partitioning capabilities, reduces infrastructure costs by consolidating applications with unlimited virtualization licensing rights, and scales from 2 to 64 processors. Windows Server 2008 Datacenter provides a foundation on which to build enterprise-class virtualization and scale-up solutions. This product does not include Windows Server Hyper-V.
When will Windows Server 2008 be available for purchase?
ANSWER.
Windows Server 2008 was launched on February 27, 2008, in Los Angeles, and is available for evaluation.

QUESTION. How much will Windows Server 2008 cost?

ANSWER.
Further information on pricing and licensing can be found at the Pricing and Licensing page.

QUESTION. Why should I upgrade to Windows Server 2008 from previous versions of Windows Server?

ANSWER.

Windows Server 2008 provides the latest release of the Windows Server platform. With each release, Microsoft introduces new technology while still focusing on core areas, including:
· Virtualization with Hyper-V.
· A world-class Web and applications platform.
· Improved networking performance.
· Enhanced security and compliance.
· Taking back control over your branch offices.
· Server management made easier.
· Enhanced scripting and task automation.
· Centralized application access.
· Prevent unhealthy computers from entering the network.
· Better together with Windows VistAnswer.
Learn more at the Why Upgrade page

QUESTION. What’s new in Windows Server 2008?

ANSWER.
Windows Server 2008 provides a solid foundation for your business, and has many new and enhanced features and functionality for virtualization, Web platform, and security. Read more about new features.

QUESTION. What usage scenarios does Windows Server 2008 support?

ANSWER.

Windows Server 2008 focuses on 10 core scenarios, including virtualization, high-performance computing (HPC), Web platform, security, and more. More information can be found at the Windows Server 2008 Scenario site.

QUESTION. What is virtualization? Does Windows Server 2008 offer virtualization technology?

ANSWER.

Virtualization applications, such as Virtual Server 2005 and Hyper-V, allow information technology personnel to virtualize hardware resources, such as CPU, RAM, hard disk, and network controllers, to create fully functional virtual machines that can run their own operating system and applications just like a physical computer. Windows Server 2008 will include Windows Server Hyper-V, a powerful virtualization technology with strong management and security features. Hyper-V will help businesses reduce costs, increase agility and system availability for production server consolidation, disaster recovery, test and development, and, when coupled with System Center Virtual Machine Manager, the end-to-end management of dynamic data centers. You can learn more about Microsoft Virtualization solutions by visiting the Virtualization Center.

QUESTION. What management improvements does Windows Server 2008 provide?

ANSWER.

Simplifying the day-to-day complexities of server administration is a key theme in many of the enhancements included in Windows Server 2008. New management tools, like the Server Manager Console, provide a single, unified console for managing a server's configuration and system information, displaying server status, identifying problems with server role configuration, and managing all roles installed on the server. You can learn more by visiting the Server Management page.

QUESTION. What is Windows Server 2008 Server Core installation option?

ANSWER.
The Server Core installation option of the Windows Server 2008 operating system is a new option for installing Windows Server 2008. A Server Core installation provides a minimal environment for running specific server roles that reduces the maintenance and management requirements and the attack surface for those server roles. To provide this minimal environment, a Server Core installation installs only the subset of the binaries that are required by the supported server roles. For example, the Explorer shell is not installed as part of a Server Core installation. Instead, the default user interface for a Server Core installation is the command prompt. Once you have installed and configured the server, you can manage it either locally at the command prompt or remotely by using Remote Desktop. You can also manage the server remotely by using the Microsoft Management Console (MMC) or command-line tools that support remote use.

QUESTION. What Identity Management enhancements does Windows Server 2008 provide?

ANSWER.
Windows Server 2008 expands on the Microsoft Identity and Access foundation with several new features and technologies to help organizations improve operational efficiency, simplify compliance, and strengthen security. These include read-only domain controllers (RODC), AD Server Core role, enhancements in authentication support, and other new and improved features for information protection. You can see the entire list at the Identity and Access Management page.

QUESTION. What changes have there been in Windows Server 2008 Terminal Services?

ANSWER.

With Terminal Services in Windows Server 2008, Microsoft releases its most powerful centralized application platform ever, offering an impressive array of new capabilities that dramatically improve the administrator and user experiences. Terminal Services now provides centralized access to individual applications without the need to provide the whole remote desktop. Applications running remotely are integrated with the local user’s desktop—looking, feeling, and behaving like local applications. Organizations can provide more secure access to centralized applications or desktops, and other resources from the Internet, by using HTTPS, without needing to provide access via a virtual private network (VPN) or opening up unwanted ports on firewalls. This reduces the complexity needed to provide secure remote access to applications and data for users, partners, or customers. For deployments with several servers, the new load-balancing features provide a simple way to ensure optimal performance by spreading sessions among the least-loaded available resources. Further information can be found at the Presentation Virtualization page.

QUESTION. Have there been any clustering enhancements for Windows Server 2008?

ANSWER.
In Windows Server 2008, the improvements to failover clusters (formerly known as server clusters) are aimed at simplifying clusters, making them more secure, and enhancing cluster stability. These include new cluster validation tools, improvement to setup and migration, improvements to management and operations, infrastructure, storage, security, and networking. You can find further information on Windows Server 2008 clustering by visiting the High Availability page.

QUESTION. How secure is Windows Server 2008?

ANSWER.

Windows Server 2008 has been designed with security fully in mind. Some of the primary new security benefits in the operating system help your organization to:
· Protect your network against unauthorized or unhealthy computers.
· Deploy small footprint specialized servers.
· More highly secure server communication.
· Improve branch office security.
· Reduce server attack surfaces.
· Control service security.
· Provide best-of-breed data encryption.
You can learn more about the security enhancements of Windows Server 2008 by visiting the Security and Policy Enforcement page.

QUESTION. What is Network Access Protection?

ANSWER.
Network Access Protection (NAP) addresses the industry-wide problem of unhealthy computers accessing and compromising an organization's network. NAP is used to help ensure that any computer connecting to the network meets the health requirements defined by your company policy, to limit network access for computers not meeting the predefined requirements, to provide remediation services to get those computers back to a healthy state, and to provide ongoing compliance-checking. Learn more by visiting the Security and Policy Enforcement page.

QUESTION. How does Windows Server 2008 support my Web applications?

ANSWER.
Windows Server 2008 provides a highly secure, easy-to-manage platform for developing and reliably hosting applications and services that are delivered from the server or over the Web. New features include simplified management, increased security, and both performance and extensibility improvements which deliver a unified platform for Web publishing that integrates Internet Information Services 7.0 (IIS 7.0), ASP.NET, Windows Communication Foundation, and Microsoft Windows SharePoint Services. You can learn more by visiting the Web and Application Platform page.

QUESTION. Have there been any other core enhancements in Windows Server 2008?

ANSWER.
There have been numerous new and existing enhancements for core features with the introduction of Windows Server 2008, many of which can be viewed on the Compare Editions pages.

QUESTION. How does Windows Server 2008 work with Windows Vista?

ANSWER.
Both the Windows Vista operating system and Windows Server 2008 provide numerous new and enhanced features and business benefits on their own. However, when both are installed, organizations can realize additional benefits, including more efficient management, greater availability, and faster communication. You can learn more on the Windows Server 2008 and Windows Vista—Better Together page.

QUESTION. What applications work with Windows Server 2008?

ANSWER.

See a full list of supported Microsoft applications for Windows Server 2008. For third-party solutions, please visit the ISV Solutions Center.

QUESTION. Are there tools available to assess my infrastructure readiness for Windows Server 2008?

ANSWER.

Yes, the Microsoft Assessment and Planning (MAP) Toolkit will assess readiness for migration to Windows Server 2008.

QUESTION. Where can I find further information about deploying Windows Server 2008?

ANSWER.
The Windows Server TechCenter provides practical information on evaluating, deploying, and supporting Windows Server 2008.


QUESTION. How does Windows Server 2008 differ from other operating systems?

ANSWER.

You can find further information on comparing Windows Server with operating systems, such as UNIX, LINUX, and mainframe computers, by visiting the windowsserver/compare site.

Sunday, September 27, 2009

CubeWorks

CubeWorks is a productivity tool that was created with the realization that completing a task often requires information from more than one source.

It displays a cube containing six applications at a time, one on each cube face. This allows a user to access multiple sources quickly, helps them visualize the information and makes navigation easier.

Getting things done becomes more efficient.

Applications

Applications that can be loaded on to the cube faces are:

  • a full function web browser.
  • a powerful, rich text editor and file browser.
  • a notebook for organizing notes along with a set of templates.
  • a search application that allows you to search content stored on the phone including contacts, call logs, calendar entries, bookmarks, text messages and application content.
  • a communications application that allows you to quickly visualize recent communication with your contacts and drill down into them.
  • the android calculator which contains scientific functions and a history tape.

Key Concepts

Feature List

http://cubeworksmobile.com/

Tuesday, September 22, 2009

General keyboard shortcuts

Remember these keys when ur mouse is not working this is very helpful.



General keyboard shortcuts



CTRL+C (Copy)
CTRL+X (Cut)
CTRL+V (Paste)
CTRL+Z (Undo)
DELETE (Delete)
SHIFT+DELETE (Delete the selected item permanently without placing the item in the Recycle Bin)
CTRL while dragging an item (Copy the selected item)
CTRL+SHIFT while dragging an item (Create a shortcut to the selected item)
F2 key (Rename the selected item)
CTRL+RIGHT ARROW (Move the insertion point to the beginning of the next word)
CTRL+LEFT ARROW (Move the insertion point to the beginning of the previous word)
CTRL+DOWN ARROW (Move the insertion point to the beginning of the next paragraph)
CTRL+UP ARROW (Move the insertion point to the beginning of the previous paragraph)
CTRL+SHIFT with any of the arrow keys (Highlight a block of text)
SHIFT with any of the arrow keys (Select more than one item in a window or on the desktop, or select text in a document)
CTRL+A (Select all)
F3 key (Search for a file or a folder)
ALT+ENTER (View the properties for the selected item)
ALT+F4 (Close the active item, or quit the active program)
ALT+ENTER (Display the properties of the selected object)
ALT+SPACEBAR (Open the shortcut menu for the active window)
CTRL+F4 (Close the active document in programs that enable you to have multiple documents open simultaneously)
ALT+TAB (Switch between the open items)
ALT+ESC (Cycle through items in the order that they had been opened)
F6 key (Cycle through the screen elements in a window or on the desktop)
F4 key (Display the Address bar list in My Computer or Windows Explorer)
SHIFT+F10 (Display the shortcut menu for the selected item)
ALT+SPACEBAR (Display the System menu for the active window)
CTRL+ESC (Display the Start menu)
ALT+Underlined letter in a menu name (Display the corresponding menu)
Underlined letter in a command name on an open menu (Perform the corresponding command)
F10 key (Activate the menu bar in the active program)
RIGHT ARROW (Open the next menu to the right, or open a submenu)
LEFT ARROW (Open the next menu to the left, or close a submenu)
F5 key (Update the active window)
BACKSPACE (View the folder one level up in My Computer or Windows Explorer)
ESC (Cancel the current task)
SHIFT when you insert a CD-ROM into the CD-ROM drive (Prevent the CD-ROM from automatically playing)
CTRL+SHIFT+ESC (Open Task Manager)




Dialog box keyboard shortcuts



If you press SHIFT+F8 in extended selection list boxes, you enable extended selection mode. In this mode, you can use an arrow key to move a cursor without changing the selection. You can press CTRL+SPACEBAR or SHIFT+SPACEBAR to adjust the selection. To cancel extended selection mode, press SHIFT+F8 again. Extended selection mode cancels itself when you move the focus to another control.



CTRL+TAB (Move forward through the tabs)
CTRL+SHIFT+TAB (Move backward through the tabs)
TAB (Move forward through the options)
SHIFT+TAB (Move backward through the options)
ALT+Underlined letter (Perform the corresponding command or select the corresponding option)
ENTER (Perform the command for the active option or button)
SPACEBAR (Select or clear the check box if the active option is a check box)
Arrow keys (Select a button if the active option is a group of option buttons)
F1 key (Display Help)
F4 key (Display the items in the active list)
BACKSPACE (Open a folder one level up if a folder is selected in the Save As or Open dialog box)




Microsoft natural keyboard shortcuts



Windows Logo (Display or hide the Start menu)
Windows Logo+BREAK (Display the System Properties dialog box)
Windows Logo+D (Display the desktop)
Windows Logo+M (Minimize all of the windows)
Windows Logo+SHIFT+M (Restore the minimized windows)
Windows Logo+E (Open My Computer)
Windows Logo+F (Search for a file or a folder)
CTRL+Windows Logo+F (Search for computers)
Windows Logo+F1 (Display Windows Help)
Windows Logo+ L (Lock the keyboard)
Windows Logo+R (Open the Run dialog box)
Windows Logo+U (Open Utility Manager)




Accessibility keyboard shortcuts



Right SHIFT for eight seconds (Switch FilterKeys either on or off)
Left ALT+left SHIFT+PRINT SCREEN (Switch High Contrast either on or off)
Left ALT+left SHIFT+NUM LOCK (Switch the MouseKeys either on or off)
SHIFT five times (Switch the StickyKeys either on or off)
NUM LOCK for five seconds (Switch the ToggleKeys either on or off)
Windows Logo +U (Open Utility Manager)




Windows Explorer keyboard shortcuts



END (Display the bottom of the active window)
HOME (Display the top of the active window)
NUM LOCK+Asterisk sign () (Display all of the subfolders that are under the selected folder)
NUM LOCK+Plus sign (+) (Display the contents of the selected folder)
NUM LOCK+Minus sign (-) (Collapse the selected folder)
LEFT ARROW (Collapse the current selection if it is expanded, or select the parent folder)
RIGHT ARROW (Display the current selection if it is collapsed, or select the first subfolder)




Shortcut keys for Character Map



After you double-click a character on the grid of characters, you can move through the grid by using the keyboard shortcuts:



RIGHT ARROW (Move to the right or to the beginning of the next line)
LEFT ARROW (Move to the left or to the end of the previous line)
UP ARROW (Move up one row)
DOWN ARROW (Move down one row)
PAGE UP (Move up one screen at a time)
PAGE DOWN (Move down one screen at a time)
HOME (Move to the beginning of the line)
END (Move to the end of the line)
CTRL+HOME (Move to the first character)
CTRL+END (Move to the last character)
SPACEBAR (Switch between Enlarged and Normal mode when a character is selected)




Microsoft Management Console (MMC) main window keyboard shortcuts



CTRL+O (Open a saved console)
CTRL+N (Open a new console)
CTRL+S (Save the open console)
CTRL+M (Add or remove a console item)
CTRL+W (Open a new window)
F5 key (Update the content of all console windows)
ALT+SPACEBAR (Display the MMC window menu)
ALT+F4 (Close the console)
ALT+A (Display the Action menu)
ALT+V (Display the View menu)
ALT+F (Display the File menu)
ALT+O (Display the Favorites menu)




MMC console window keyboard shortcuts



CTRL+P (Print the current page or active pane)
ALT+Minus sign (-) (Display the window menu for the active console window)
SHIFT+F10 (Display the Action shortcut menu for the selected item)
F1 key (Open the Help topic, if any, for the selected item)
F5 key (Update the content of all console windows)
CTRL+F10 (Maximize the active console window)
CTRL+F5 (Restore the active console window)
ALT+ENTER (Display the Properties dialog box, if any, for the selected item)
F2 key (Rename the selected item)
CTRL+F4 (Close the active console window. When a console has only one console window, this shortcut closes the console)




Remote desktop connection navigation



CTRL+ALT+END (Open the Microsoft Windows NT Security dialog box)
ALT+PAGE UP (Switch between programs from left to right)
ALT+PAGE DOWN (Switch between programs from right to left)
ALT+INSERT (Cycle through the programs in most recently used order)
ALT+HOME (Display the Start menu)
CTRL+ALT+BREAK (Switch the client computer between a window and a full screen)
ALT+DELETE (Display the Windows menu)
CTRL+ALT+Minus sign (-) (Place a snapshot of the entire client window area on the Terminal server clipboard and provide the same functionality as pressing ALT+PRINT SCREEN on a local computer.)
CTRL+ALT+Plus sign (+) (Place a snapshot of the active window in the client on the Terminal server clipboard and provide the same functionality as pressing PRINT SCREEN on a local computer.)



Microsoft Internet Explorer navigation



CTRL+B (Open the Organize Favorites dialog box)
CTRL+E (Open the Search bar)
CTRL+F (Start the Find utility)
CTRL+H (Open the History bar)
CTRL+I (Open the Favorites bar)
CTRL+L (Open the Open dialog box)
CTRL+N (Start another instance of the browser with the same Web address)
CTRL+O (Open the Open dialog box, the same as CTRL+L)
CTRL+P (Open the Print dialog box)
CTRL+R (Update the current Web page)
CTRL+W (Close the current window)

Second hard drive says write-protected

I've got a new 2008 enterprise terminal server. I've installed all my apps to the 2nd hard drive. Now for no reason, I can't write to the drive and my apps can't either as they all crash as soon as they need to.

I get this exact error when simply trying to create a directory in the root of the drive:

"The disk is write-protected.

Remove the write-protection or use another disk."

I'm logging in as the local admin, domain admin makes no diff. I've also given full permissions to "everyone" with no luck. How the heck can I fix this bugger?

Now here is the Solution:-

do the following


on cmd prompt launch "diskpart.exe"

on the diskpart prompt, do the following

LIST DISK

This will give you a list of all disks in your system
Note down the number of your problem disk, then do the folloiwng

SELECT DISK x

Where x is the number of your problem disk, then do the following

DETAIL DISK

This will list all the details of your problem disk
Check if the ReadOnly flag is set to Yes

If the ReadOnly flag is set to Yes, do the follwing

ATTR DISK CLEAR READONLY

This should clear the flag on the disk, please retry your disk operations

If ths does not solve it, we have another flag on the volume, same command, but now on volume:

LIST VOLUME
SELECT VOLUME x
DETAIL VOLUME
ATTR VOLUME CLEAR READONLY

Network Ports Used by Key Microsoft Server Products

Usefull link:-

First MS link

Second prepared by me

List of DNS record types

Good to enhance knowledge.

List of DNS record types

Enable SQL Report Builder Anonymous Access

Enabling Anonymous Access to Report Builder Application Files

Report Builder uses ClickOnce technology to download and install application files on the client computer. When it starts on the client computer, the ClickOnce application launcher will make a request for additional application files on the report server computer. If the report server is configured for Basic authentication, the ClickOnce application launcher will fail the authentication check because it does not support Basic authentication.

To work around this issue, you can configure Anonymous access to the Report Builder program files. Doing so allows ClickOnce to bypass the authentication check when retrieving its files. Enable Anonymous access by doing the following:

  1. Verify that the report server is configured for Basic authentication.
  2. Create a bin folder under ReportBuilder and copy four assemblies to the folder.
  3. Add the IsReportBuilderAnonymousAccessEnabled element to the RSReportServer.config and set it to True. After you save the file, the report server creates a new endpoint to Report Builder. The endpoint is used internally to access program files and does not have a programmatic interface that you can use in code. Having a separate endpoint allows Report Builder to run in its own application domain within the Report Server service process boundary.
  4. Optionally, you can specify a least-privilege account to process requests under a security context that is different from the report server. This account becomes the anonymous account for accessing Report Builder files on a report server. The account sets the identity of the thread in the ASP.NET worker process. Requests that run in that thread are passed to the report server without an authentication check. This account is equivalent to the IUSR_ account in Internet Information Services (IIS), which is used to set the security context for ASP.NET worker processes when Anonymous access and impersonation are enabled. To specify the account, you add it to a Report Builder Web.config file.

The report server must be configured for Basic authentication if you want to enable Anonymous access to the Report Builder program files. If the report server is not configured for Basic authentication, you will get an error when you attempt to enable Anonymous access.

For more information about authentication issues and Report Builder, see How to: Configure Report Builder 1.0 and Report Builder 2.0 Access.

To configure Report Builder access on a report server configured for Basic authentication.

Verify the report server is configured for Basic authentication by checking the authentication settings in the RSReportServer.config file.

Create a BIN folder under the ReportBuilder folder. By default, this folder is located at \Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\ReportBuilder.

Copy the following assemblies from the ReportServer\Bin folder to the ReportBuilder\BIN folder:

  • Microsoft.ReportingServices.Diagnostics.dll
  • Microsoft.ReportingServices.Interfaces.dll
  • ReportingServicesAppDomainManager.dll
  • RSHttpRuntime.dll

Optionally, create a Web.config file to process Report Builder requests under an Anonymous account:





Authentication mode must be set to Windows if you include a Web.config file.

Identity impersonate can be True or False.
  • Set it to False if you do not want ASP.NET to read the security token. The request will run in the security context of the Report Server service.
  • Set it to True if you want ASP.NET to read the security token from the host layer. If you set it to True, you must also specify userName and password to designate an Anonymous account. The credentials you specify will determine the security context under which the request is issued.
Save the Web.config file to the ReportBuilder\bin folder.

Open RSReportServer.config file, in the Services section, find IsReportManagerEnabled and add the following setting below it:

Save RSReportServer.config and close the file.

Restart the report server.

Download link:-
Anonymous_Access_to_Report_Builder_Application_Files.docx

Monday, September 21, 2009

Super Talent’s RAIDDrive SSDs Targeted for Enterprise Servers, Workstation and Gaming Segments


SSD (Solid State Device) is trending towards replacing magnetic based hard disk drive
but typically, its capacity and pricing is still not comparable with conventional hard disks. Good news now, Super Talent has unveiled one of the largest RAIDDrive SSDs in the world targeted for server and high end gaming segments.

super-talent-2tbraiddrive

There are three series of RAIDDrives being tailored for different requirements, namely RAIDDrive ES (Enterprise), RAIDDrive WS (Workstation) and RAIDDrive GS (Gamers). While the ES and WS version is based on SLC flash maximize up to 1TB only, the GS version is designed with MLC that can reach up to 2TB capacity, offering more performance needed for gaming segment. Besides, Super Talent’s SSD is featured with a PCI Express 2.0 X 8 interface
and can boost up to 4GBps bandwidth which is ten times and five times faster than SATA-II and SATA-III interfaces respectively. Being designed specifically and optimized for NAND flash memory, it can support a sequential read and write speeds up to 1.4GBps and 1.2GBps respectively.

However, pricing is still a huge gap and those who would like to get this extremely huge SSD may have to wait a bit longer since it will be retailed at $4999 for GS version at 1TB and may only be affordable by enterprise’s users.

Friday, September 18, 2009

119 Tips for Passing the Microsoft Windows

Nice Document:-

119 Tips for Passing the Microsoft Windows

Windows IIS server hardening checklist

Windows IIS server hardening checklist

General

Accounts

Files and Directories

Shares

Ports

Registry

Auditing and Logging

Sites and Virtual Directories

Script Mappings

ISAPI Filters

IIS Metabase

Server Certificates

Machine.config

General

1. Do not connect an IIS Server to the Internet until it is fully hardened.

2. Place the server in a physically secure location.

3. Do not install the IIS server on a domain controller.

4. Do not install a printer.

5. Use two network interfaces in the server -- one for admin and one for the network.

6. Install service packs, patches and hot fixes.

7. Run IISLockdown run on the server.

8. Install and configure URLScan.

9. Secure remote administration of the server and configure for encryption, low session time-outs and account lockouts.

10. Disable unnecessary Windows services.

11. Ensure services are running with least-privileged accounts.

12. Disable FTP, SMTP and NNTP services if they are not required.

13. Disable Telnet service.

14. Disable ASP.NET state service if not used by your applications.

15. Disable webDAV if not used by the application, or secure it if it is required. (See How To: Create a secure webDAV Publishing Directory at support.microsoft.com.)

16. Do not install Data Access Components unless specifically needed.

17. Do not install the HTML version of the Internet Services Manager.

18. Do not install the MS Index Server unless required.

19. Do not install the MS FrontPage Server extensions unless required.

20. Harden TCP/IP stack.

21. Disable NetBIOS and SMB (closing ports 137, 138, 139 and 445).

22. Reconfigure Recycle Bin and Page file system data policies.

23. Secure CMOS settings.

24. Secure physical media (floppy drive, CD-ROM drive and so on).

Accounts

1. Remove unused accounts from the server.

2. Disable Windows Guest account.

3. Rename Administrator account and set a strong password.

4. Disable IUSR_MACHINE account if it is not used by the application.

5. Create a custom least-privileged anonymous account if applications require anonymous access.

6. Do not give the anonymous account write access to Web content directories or allow it to execute command-line tools.

7. If you host multiple Web applications, configure a separate anonymous user account for each one.

8. Configure ASP.NET process account for least privilege. (This only applies if you are not using the default ASP.NET account, which is a least-privileged account.)

9. Enforce strong account and password policies for the server.

10. Restrict remote logons. (The "Access this computer from the network" user-right is removed from the Everyone group.)

11. Do not share accounts among administrators.

12. Disable Null sessions (anonymous logons).

13. Require approval for account delegation.

14. Do not allow users and administrators to share accounts.

15. Do not create more than two accounts in the Administrators group.

16. Require administrators to log on locally or secure the remote administration solution.

Files and Directories

1. Use multiple disks or partition volumes and do not install the Web server home directory on the same volume as the operating system folders.

2. Contain files and directories on NTFS volumes.

3. Put Web site content on a non-system NTFS volume.

4. Create a new site and disable the default site.

5. Put log files on a non-system NTFS volume but not on the same volume where the Web site content resides.

6. Restrict the Everyone group (no access to \WINNT\system32 or Web directories).

7. Ensure Web site root directory has deny write ACE for anonymous Internet accounts.

8. Ensure content directories have deny write ACE for anonymous Internet accounts.

9. Remove remote IIS administration application (\WINNT\System32%#92;Inetsrv\IISAdmin).

10. Remove resource kit tools, utilities and SDKs.

11. Remove sample applications (\WINNT\Help\IISHelp, \Inetpub\IISSamples).

12. Remove IP address in header for Content-Location.

Shares

1. Remove all unnecessary shares (including default administration shares).

2. Restrict access to required shares (the Everyone group does not have access).

3. Remove Administrative shares (C$ and Admin$) if they are not required (Microsoft Management Server (SMS) and Microsoft Operations Manager (MOM) require these shares).

Ports

1. Restrict Internet-facing interfaces to port 80 (and 443 if SSL is used).

2. Run IISLockdown run on the server.

Registry

1. Restrict remote registry access.

2. Secure SAM (HKLM\System\CurrentControlSet\Control\LSA\NoLMHash). This applies only to standalone servers.

Auditing and Logging

1. Audit failed logon attempts.

2. Relocate and secure IIS log files.

3. Configure log files with an appropriate file size depending on the application security requirement.

4. Regularly archive and analyze log files.

5. Audit access to the Metabase.bin file.

6. Configure IIS for W3C Extended log file format auditing.

7. Read How to use SQL Server to analyze Web logs at support.microsoft.com

Sites and Virtual Directories

1. Put Web sites on a non-system partition.

2. Disable "Parent paths" setting.

3. Remove potentially dangerous virtual directories including IISSamples, IISAdmin, IISHelp and Scripts.

4. Remove or secure MSADC virtual directory (RDS).

5. Do not grant included directories Read Web permission.

6. Restrict Write and Execute Web permissions for anonymous accounts in virtual directories.

7. Ensure there is script source access only on folders that support content authoring.

8. Ensure there is write access only on folders that support content authoring and these folders are configured for authentication (and SSL encryption, if required).

9. Remove FrontPage Server Extensions (FPSE) if not used. If FPSE are used, update and restrict access to them.

10. Remove the IIS Internet Printing virtual directory.

Script Mappings

1. Map extensions not used by the application to 404.dll (.idq, .htw, .ida, .shtml, .shtm, .stm, idc, .htr, .printer).

2. Map unnecessary ASP.NET file type extensions to "HttpForbiddenHandler" in Machine.config.

ISAPI Filters

1. Remove from the server unnecessary or unused ISAPI filters.

IIS Metabase

2. Restrict access to the metabase by using NTFS permissions (%systemroot%\system32\inetsrv\metabase.bin).

3. Restrict IIS banner information (Disable IP address in content location).

Server Certificates

1. Ensure certificate date ranges are valid.

2. Only use certificates for their intended purpose (For example, the server certificate is not used for e-mail).

3. Ensure the certificate's public key is valid, all the way to a trusted root authority.

4. Confirm that the certificate has not been revoked.

Machine.config

1. Map protected resources to HttpForbiddenHandler.

2. Remove unused HttpModules.

3. Disable tracing.

4. Turn off debug compiles.