What is wonderful is that there is a hidden admin account in Windows 7, and it is not activated by default!
Now you may be curious how to activate it….
Click “Start” and, in the “Search box”, just type cmd and press the Enter key!
When the command prompt opens, type: net user administrator /active:yes
In Windows 7 you often see that it may go into hibernation / sleep mode. Although this helps to save power, some people feel it is problematic! So, if you want to turn it off, just run this:
powercfg -h off
Sometimes it is necessary to speed up the shutdown time in Windows 7….
Click “Start” and, in the “Search box”, just type regedit and locate the key:
and lower the value of “WaitToKillServiceTimeout” to one of your choice; the default is 12000, i.e. 12 sec!
Don’t worry, Windows XP users! There is a way to speed up the shutdown time of XP too…. The mechanism is also available, with a little difference!
After finishing your work, press Ctrl+Alt+Del to open the Taskbar > Shut Down menu, then select Turn Off while holding the Ctrl key. The same trick also applies to Restart.
Now, I am going to describe some of the new features of Windows 7 Enterprise / Ultimate!
DirectAccess: Allows users to connect securely to the corporate network through the Internet without the need for a VPN.
BranchCache: It helps to optimize applications; it gives end users in remote offices an experience just like working in the head office. Users in a branch office don’t need to wait as long to download files from headquarters. When BranchCache is enabled, a copy of data accessed from an intranet site / a file server is cached locally within the branch office. When another user on the same network requests the file, he / she gets it instantly from the local cache, as it was downloaded previously. It supports common protocols like HTTP & HTTPS and Server Message Block (SMB). It can work with Secure Sockets Layer (SSL) and Internet Protocol security (IPsec). The use of BranchCache to locally cache content and Web pages will enable SYSTEX to reduce expensive network bandwidth by at least 20 percent. Read more in the SYSTEX case study.
Another unique feature: not only can you protect the data on your computer, it is also possible to protect it even on removable drives. With the huge growth in the use of mobile computers, the question of security of course arises. In 2008, 42% of respondents to the Computer Security Institute Computer Crime and Security Survey of enterprise IT professionals reported that their organizations experienced theft of laptops or mobile devices.
With Windows 7, you can protect important data by using the BitLocker Drive Encryption feature. BitLocker To Go extends BitLocker data protection to USB storage devices, enabling them to be restricted with a passphrase / password. You can set a policy (GP) to control this, which requires users to apply BitLocker protection to removable drives before being able to write to them.
BitLocker To Go gives administrators control over how removable storage devices can be utilized within their environment and the strength of protection that they require. Policies are also available to require appropriate passwords / passphrases, a smart card, or domain user credentials to utilize a protected removable storage device.
Easier to set up: whether you need to protect internal or removable drives, BitLocker in Windows 7 makes that protection easy because it works with almost any drive. Windows 7 simplifies the encryption of internal drives by automatically creating the hidden boot partition necessary to use BitLocker to protect the OS volume, eliminating the need to manually select that option during installation or to repartition the drive afterward. Best of all, BitLocker can be enabled on drives running Windows 7 with a simple right-click.
Happy Windows 7 (ing)…..
It is the best fit for a small business that does not have Active Directory, and is useful for peer-to-peer networking. It is better to keep several problems in mind before implementing it, as described here:
If it is necessary to manage resources (like file sharing / printer sharing) with Linux, Mac OS, XP, and even Vista, this creates much more trouble for this kind of network, even if you make Windows 7 a tiny server with full rights. If you need that type of work, it is recommended to go for Windows 2008 or at least Windows 2003, or a Linux server (preferably Red Hat / SuSE).
And if you want a truly cost-effective solution, then move to NAS (Network Attached Storage).
Another problem is that, when you join / create a HomeGroup, it is possible to create only one with any flavour of Windows 7 (Home Premium, Professional, Enterprise or even Ultimate). That is why you should never use HomeGroup as a drop-in replacement for an existing XP peer-to-peer network until Microsoft launches a new way to do this.
Click Control Panel > Network Connections and right-click the adapter to access its Properties, and you will see that IPv4 has connectivity whereas IPv6 has “No network access”!
If the situation is like this, you may follow these easy steps….
Note: It is strongly recommended to take a backup of important data / the registry before working with the Registry!
Next, reboot Windows 7 to make it ready to set up the HomeGroup network!
And the second is DirectAccess, which is the most enhanced feature in the IPv6 mechanism of Windows 7 as well as Windows Server 2008 R2. I have practical experience of working with this unique feature and, from my point of view, it has the same purpose as a Virtual Private Network (VPN), i.e., it allows users to connect securely to the corporate network through the Internet. Unfortunately, you can get this wonderful feature only with the Windows 7 Enterprise and Ultimate flavors. It is a great combination when Windows Server 2003 / Windows Server 2008 uses IPv6 with Internet Protocol Security (IPsec) together with Windows 7.
There are several advantages with DirectAccess….
It can optimize the performance of both Windows 7 as a client and the data center’s network.
You do not need to have or run native IPv6 on the network to use DirectAccess.
It works together with NAP (Network Access Protection) and NAC (Network Access Control) solutions.
It is not necessary to reconnect if the Internet connection fails.
As I mentioned about the great combination, Windows Server 2008 and Windows 7 both come with support for a unique mechanism called “IP-HTTPS”. I am not going to write much about this topic here, only a little information: IP-HTTPS is a tunneling protocol that tunnels IPv6 packets hidden inside an IPv4-based HTTPS session. To use this unique IPv6 feature, you have to do a little task here:
It can be done through GPO for DirectAccess Windows 7 computers by….
Device: Network adapter built into the Linux System
Interface: To use a physical device, a software component creates an interface; this component is also called a driver. In Linux, network interfaces use a standard naming system such as eth0, eth1…..
Link: The term link refers to the connection of a device to the network
Address: An IP address (either static / dynamic) based on IPv4 or IPv6 must be assigned. It is possible to assign more than one address to a network device / NIC
Broadcast: By sending a network packet to the broadcast address, it is possible to reach all hosts in the locally connected network at the same time.
Route: The path an IP packet takes from the source to the destination host. It also refers to an entry in the routing table of the kernel.
Normally, YaST helps to configure a network card during / after installation. There is also a very simple built-in tool called the ip tool, which helps to configure it from the command line. Of course, you need root privileges to use this tool.
To see the IP address setup of all NICs: ip address show or ifconfig (see the man page)
Generally, there are three network interfaces (if you have only one NIC):
lo: This is the loopback device, which is available on every Linux OS (whatever the flavor) even when no network adapter is installed. This is a virtual device that local programs may use to communicate with each other by using an IP like 127.0.0.1, or open a browser and type ping localhost
eth0: The first Ethernet adapter, which physically exists and has an IP address of Class A, Class B or Class C
sit0: It is a special kind of virtual device which may be used to encapsulate IPv4 into IPv6 packets.
Remember, sit0 is generally not used in an IPv4 network. And IPv6 has a different kind of architecture, so it does not use the IPv4 procedure.
So, where is IPv5…. There is a story behind that.
IPv5 is an experimental protocol for UNIX based systems. In keeping with standard UNIX release conventions, all odd-numbered versions are considered experimental. It was never intended to be used by the general public.
For example, the IPv4 setup of the device displays as: inet 192.168.1.1/24 brd 255.255.255.0 scope global eth0. Here 192.168.1.1, which follows inet, is the IP address, 255.255.255.0 is the broadcast address, and the length is displayed in bits (24), separated by a / (slash)
To see network attributes, type: ip link show
The possible attributes are….
UP: It means, the device is turned on
LOOPBACK: It means, this is a virtual network device
BROADCAST: It means, the network device may send packets to all hosts sharing the same network
POINTTOPOINT: It means, the network device may only be connected to one other device
MULTICAST: It means, the network device may send packets to a group of other systems at the same time
PROMISC: It means, the network device listens to all packets on the network. It is useful for network monitoring.
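An added example, not from the original post: a shell function that reads ip link show output and reports interfaces in promiscuous mode. It goes one step beyond the flag list above by also reading the promiscuity counter that ip -d link show prints, because a sniffer that enables promiscuous mode through a packet socket raises the counter without setting the PROMISC flag. The function name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list interfaces that are in promiscuous mode.
# Input on stdin: output of "ip -d link show". Plain "ip link show" also
# works, but then only the PROMISC flag is visible and the counter is "?".

promisc_ifaces() {
    awk '
    # Print the interface collected so far if it looks promiscuous.
    function emit() {
        if (name != "" && (flag || count + 0 > 0))
            print name, (flag ? "flag" : "-"), "promiscuity=" count
    }
    # Header line, e.g. "2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu ..."
    /^[0-9]+: / {
        emit()
        name = $2
        sub(/:$/, "", name)      # drop the trailing colon
        sub(/@.*/, "", name)     # veth0@if5 -> veth0
        flag = ($3 ~ /[<,]PROMISC[,>]/)
        count = "?"              # unknown until a detail line supplies it
        next
    }
    # Detail lines: pick up "promiscuity N" when -d was used.
    {
        for (i = 1; i < NF; i++)
            if ($i == "promiscuity") count = $(i + 1) + 0
    }
    END { emit() }'
}

# Constructed sample of "ip -d link show" output (not captured from a host).
IP_LINK_SAMPLE='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT
    link/ether 00:16:3e:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT
    link/ether 00:16:3e:00:00:02 brd ff:ff:ff:ff:ff:ff promiscuity 1
4: veth0@if5: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 00:16:3e:00:00:03 brd ff:ff:ff:ff:ff:ff promiscuity 1'

# eth1 is the interesting row: no PROMISC flag, but the counter is raised.
printf '%s\n' "$IP_LINK_SAMPLE" | promisc_ifaces
```

On a live system the input would come from ip -d link show piped into promisc_ifaces.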
To see additional statistics info about the network device, type: ip -s link show eth0
Note: Providing the device name at the end (eth0) shows output for only that specific device. The RX section displays information about received packets and the TX section shows information about sent packets.
How to Change Settings of the Installed Network Device….
To assign an IP address, type: ip address add 192.168.1.1/24 brd + dev eth0
Here 192.168.1.1 is the assigned IP; you can change it as you want. The brd + option sets the broadcast address automatically as determined by the network mask.
To verify the IP address, type: ip address show dev eth0 or hostname -i
To delete the IP address, type: ip address del 192.168.1.1 dev eth0
To change the network device attributes (as I mentioned earlier):
To enable a network device, type: ip link set eth0 up or ifup eth0
To disable a network device, type: ip link set eth0 down or ifdown eth0
You can use another tool called “ifcfg”; to use it, type:
ifcfg eth0 add ipaddr (like 192.168.1.1)
ifcfg eth0 del ipaddr
It is necessary to save the configuration settings in configuration files. The configuration files for network devices are located in /etc/sysconfig/network/. You must create one configuration file for every network device. The file name starts with ifcfg-eth-id- followed by the hardware address of the network device. It is recommended to configure the network device with YaST first and then make changes in the configuration files. The configuration file includes several lines, which are explained below….
BOOTPROTO='static': this is how the network device is configured, either static or DHCP. If it is DHCP, it shows as BOOTPROTO='dhcp'
REMOTE_IPADDR='': for a point-to-point connection, the remote IP address needs to be set here
STARTMODE='onboot': it determines how the network device is started. The options are:
auto = determines whether the network device starts at boot time, i.e. 'onboot', or is initialized at run time
manual = the network device is started manually with ifup
ifplugd = the network device is started when it is plugged in; you may also set IFPLUGD_PRIORITY
UNIQUE='rBUF.+xOL8ZCSAQC' _nm_name='bus-pci-0000:00:0b.0': for example; these are added by YaST when the network device is configured.
BROADCAST=''; IPADDR='192.168.1.1'; NETMASK='255.255.255.0'; NETWORK='': these are all network address configuration
MTU='': Maximum Transmission Unit is a value that helps to increase the transmit rate. The default value is 1500 bytes
ETHTOOL_OPTIONS='': it is used for querying & changing the settings of a network device.
Note: The file /etc/sysconfig/network/ifcfg.template contains a template, which can be used for device configuration files.
Setting up Routing With the ip Tool….
I am focusing only on the most common routing scenarios!
To see the current routing table, type: ip route show
Depending on the setup of the computer, the content of the routing table varies, for example:
One route to the local network the system is connected to
One route to the default gateway for all other packets
To add a route, type: ip route add ipaddr/24 dev eth0, where ipaddr is your IP address, e.g. 10.0.0.100/24.
To set a route to a different network, type as: ip route add 192.168.1.0/24 via 10.0.0.100
That means, all packets for the network 192.168.1.0 are sent through gateway 10.0.0.100
To set a default route, type as: ip route add default via 10.0.0.100
To delete an entry from the routing table, type: ip route delete ipaddr/24
The configuration file is /etc/sysconfig/network/routes
Now I am writing about the most universally known command on both Windows and Linux systems. Yes, it is “PING”, but there are several options that few know….
-c (count) = The number of packets to be sent
-I (interface) = Specifies the network interface to be used, if there are several interfaces
-i (seconds) = Specifies the number of seconds to wait between individual packet shipments
-f (flood ping) = Packets are sent one after another at the same rate. Only root can use it
-n (numerical) = To get numerical output of the IP address
-t (time to live) = Sets the time to live for packets to be sent
-w (maxwait) = For the timeout in seconds
-b (broadcast) = Sends packets to the broadcast address of the network
There is a useful diagnostic tool called “TraceRoute”. It uses UDP packets, which are called “datagrams”. It can be used to collect information about every router on the way to the destination host.
The command is used with a hostname: traceroute abcd (abcd is the hostname; you must replace it with your own). Instead of a hostname, you may use an IP address.
Configure Host Name and Name Server….
The host name is configured in the file /etc/HOSTNAME (yes, HOSTNAME is capital). This file contains the Fully Qualified Domain Name or FQDN. You can change the content of the file manually by opening it in any of your favorite editors like gedit / vi / kate / joe.
Name resolution is configured in the file /etc/resolv.conf. You can configure up to three name servers manually as stated above.
Sorry Linux Users…. In this part I am going to discuss printer configuration through the Command Line Interface rather than the GUI
In SuSE Linux at a Glance in View of Rechil Part – 2, I wrote a little about PPD files !
PPD (PostScript Printer Description) is the computer language that describes the properties, such as resolution, and options, such as a duplex unit, of PostScript printers. During installation a lot of PPD files are preinstalled. In this way, even printers that do not have built-in PostScript support can be used. The best approach is to get a suitable PPD file & store it in the directory /usr/share/cups/model. It may be possible to select the PPD file during installation. If the model does not show up, click Add Driver > Browse in the printer model dialog & follow the simple steps to add the PPD file to the database. You can see the current settings of a local queue by entering: lpoptions -p queuename -l. Here queuename is the name of the printer.
Note: The sequence of options is important here, if you specify -l first, the settings of the default queue are listed.
This command changes the page size of the lp queue to Letter:
lpoptions -p lp -o PageSize=Letter
If root runs the command, the setting is stored in /etc/cups/lpoptions. There is a way for root to change the defaults in the PPD file of any local queue. Such changes would apply network-wide to all users: lpadmin -p queue -o options=name
Note: You can also get information on the commands covered above in a browser using this URL….
& printer save options: /usr/share/doc/packages/cups/sum.html#SAVING_OPTIONS
Understand How CUPS Works….
CUPS can be seen as a replacement for the LPD printing system. It replaces the lpr command with its own and the LPD printer drivers with its own versions. If your CUPS installation came with a Linux distribution, you should still take a look through this section to verify that this has a practical level of security. This section covers how to configure digest authentication, the most useful type of authentication available for the CUPS Web administration interface. Run through the following steps on a new installation:
Scan the cupsd.conf for a section that looks like this:
<Location /admin>
AuthType Basic
AuthClass System
## This Section Restrict Access to Local Domain
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
Change AuthType Basic to AuthType Digest. Basic authentication sets up a Web browser to send Linux users’ passwords as plain text.
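One way to check a cupsd.conf for the weakness described above, as an added example that is not part of the original post or of CUPS: it finds the <Location /admin> block and flags AuthType Basic, a missing AuthType, a missing Deny From All, and any Allow From entry that is not the loopback host. The function names, finding codes and the three sample blocks are constructed for illustration, and only the Allow From / Deny From syntax shown on this page is handled.

```shell
#!/bin/sh
# Added example: audit the <Location /admin> block of a cupsd.conf.
# Finding codes (BASIC_AUTH, NO_AUTH, ...) are names made up for this example.

audit_cups_admin() {
    # stdin: cupsd.conf text. Prints one finding code per line and
    # returns 1 if anything was flagged, 0 if the block looks restricted.
    awk '
    function report() {
        if (auth == "" || auth == "none") { print "NO_AUTH"; bad = 1 }
        else if (auth == "basic")         { print "BASIC_AUTH"; bad = 1 }
        if (!denyall)                     { print "NO_DENY_ALL"; bad = 1 }
        if (remote != "")                 { print "REMOTE_ALLOW:" remote; bad = 1 }
    }
    { sub(/#.*/, "") }          # drop comments; this also re-splits the fields
    NF == 0 { next }
    { key = tolower($1) }       # directive names are matched case-insensitively
    key == "<location" {
        path = $2; sub(/>$/, "", path)
        inblk = (path == "/admin")
        auth = ""; denyall = 0; remote = ""
        next
    }
    key == "</location>" { if (inblk) { report(); seen = 1 }; inblk = 0; next }
    !inblk { next }
    key == "authtype" { auth = tolower($2) }
    key == "deny" && tolower($2) == "from" && tolower($3) == "all" { denyall = 1 }
    key == "allow" && tolower($2) == "from" {
        host = tolower($3)
        if (host != "127.0.0.1" && host != "localhost" && host != "::1")
            remote = (remote == "" ? host : remote "," host)
    }
    END {
        if (!seen) { print "NO_ADMIN_BLOCK"; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Helper: findings for a config given as a string, joined with spaces.
findings() {
    printf '%s\n' "$1" | { audit_cups_admin || true; } | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample 1: the block shown on this page (AuthType Basic).
PAGE_BLOCK='<Location /admin>
AuthType Basic
AuthClass System
## This Section Restrict Access to Local Domain
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>'

# Constructed sample 2: the same block after the change the page recommends.
DIGEST_BLOCK='<Location /admin>
AuthType Digest
AuthClass System
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>'

# Constructed sample 3: no authentication and open to every host.
OPEN_BLOCK='<Location /admin>
Order Allow,Deny
Allow From All
</Location>'

echo "page block:   $(findings "$PAGE_BLOCK")"
echo "digest block: $(findings "$DIGEST_BLOCK")"
echo "open block:   $(findings "$OPEN_BLOCK")"
```

Against a real file, run audit_cups_admin < /etc/cups/cupsd.conf and use the exit status in a configuration check.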
There are four steps to understand the process of printing!
A print job is submitted by a user / by a program
The file destined for the printer is stored in a print queue, which creates two files per print job in the directory /var/spool/cups: one of the files contains the actual data to print and the other one contains information about the print job.
The cupsd printer daemon acts as the print spooler
The conversion of print data is done as follows:
The data type is determined using /etc/cups/mime.types
/etc/cups/mime.convs helps to convert the data into PostScript
After conversion, the program called pstops (which is in /usr/lib/cups/filter/pstops) is used to count the number of pages, which is written to /var/log/cups/page_log
CUPS uses other filtering capabilities of pstops as needed. For example, the psselect option of pstops makes it possible to limit the printout to a certain selection of pages. You may even use the ps-n-up option of pstops, which allows printing several pages on one sheet.
Note: To know more about filtering, see /usr/share/doc/packages/cups/sum.html. CUPS can use printers shared from computers under Windows and network printers using the SMB protocol. You configure a “Windows printer using Samba”. Basically, all you have to tell CUPS is the address of the printer, as in smb://server/printer
If the selected printer is not a PostScript printer, CUPS starts the proper filter to convert the data into the printer-specific format, for instance /usr/lib/cups/filter/cupsomatic
CUPS may use another kind of filter / backend depending on connection. They are found in, /usr/lib/cups/backend and you may see them by using the command: ls /usr/lib/cups/backend
When the print job has been transferred to the printer, the print spooler deletes the job and starts processing the next steps. When the job is deleted, the print data file in /var/spool/cups is removed.
Notes: Actually, the file that has information about the print job is not deleted. The first job is named c00001. The number is increased by one for each file. Remember, /etc/printcap (which I mentioned earlier) is a link to /etc/cups/printcap; it is generated & updated automatically by cupsd and is relevant for a number of applications such as OpenOffice / MS Office
So, Where are the Log Files…. That Should Help to Track the Error_Log Files!
The log files of CUPS are stored in the directory /var/log/cups. There are three files:
The access_log file: It lists each HTTP resource that is accessed by a web browser or CUPS/IPP client
The error_log file: It lists messages from the scheduler; the indications are: E means an error occurred; W means the server was unable to perform an action; I means informational messages; and D means debugging messages.
The page_log file: It lists each page that is sent to a printer.
Tips: For troubleshooting CUPS-related problems, set the log level to record errors as follows: open /etc/cups/cupsd.conf and set “LogLevel debug2” (without quotes)
Restrict Access to Printers for Users and Groups… (Command Line – Printer)
If you want, you may restrict access to the printers by user and group. This is done in YaST by selecting a queue in the main Printer Configuration dialog and then selecting Edit > Restriction Settings. Several choices unfold in front of you, and you can choose any one of them!
All Users Can Use This Printer
The Following Users Can Use This Printer (either select Add to insert users or groups to add groups)
The Following Users Cannot Use This Printer (same as the above point)
You can use the command line to do the same job. For instance, to permit printing for individual users: lpadmin -p printerqueue -u allow:username1,username2
Even for groups: lpadmin -p printerqueue -u allow:@groupname
Here printerqueue means the printer name, username means a user name like rechil, and groupname means any group name that exists.
Once again, to prohibit printing for users or groups: lpadmin -p queue -u deny:rechil,@guests
And to permit printing for all: lpadmin -p printerqueue -u allow:all; or, not to permit, just replace allow with deny:none
To start cups: rccups start / rccups restart
To stop cups: rccups stop
Run the following command to add an admin user to the CUPS digest password file i.e. /etc/cups/passwd.md5
lppasswd -a admin
When prompted, choose a password containing at least six characters and one number; this is for security purposes.
How to Install a Test Printer in a Test Lab…..
Run this command to add a test printer: lpadmin -p test -v file:/dev/null
Verify the printer status: lpstat -p (if it shows disabled, then run the following)
Send a job to the printer: echo test | lp -d test
Use the following command to verify this: lpstat -W completed -l test
Remove the test printer by using this command: lpadmin -x test
Tips: These are all written to the file /etc/cups/printers.conf
If any module is configured through YaST, there is a back-end service called ‘SuSEconfig’, which I mentioned earlier. Now, the question is “What is the utility of SuSEconfig”….
Information that is entered is first written to a file in the directory /etc/sysconfig before it is written into the final configuration file. SuSEconfig is a very important tool that is used to configure the system according to the variables that are set in the various files in /etc/sysconfig & its sub-directories. These files contain variables like SYSLOGD_PARAMS="" in /etc/sysconfig/syslog & SMTPD_LISTEN_REMOTE="no" in /etc/sysconfig/mail. After modifying files in /etc/sysconfig/ using an editor, you need to restart the service for the change to take effect. It is also necessary to run SuSEconfig: for things to work properly, it is recommended to run SuSEconfig after manually editing files in /etc/sysconfig. There are specific scripts in /sbin/conf.d that SuSEconfig uses to configure the various subsystems.
Printer Configuration through YaST….
Printers can be configured in two ways! The first is during installation: when the hardware configuration dialog box appears, most printers that are connected locally can be detected automatically. The other is after installation, through the YaST Control Center or with the command yast2 printer, which starts the YaST printer configuration module directly from a terminal window (right-click on the desktop and select Terminal). To set up a print server, the following packages are required….
Until YaST is used for printer configuration, these files are not installed automatically.
There are two ways to add a printer. Through GUI (yast2) and from Command Line.
Through the GUI, i.e. yast2, you may open a terminal with root privileges and type yast2 printer, or go to YaST Control Center > Printer > under Hardware > Printer. When the dialog box appears, the upper part lists the printers that have already been detected. If the printer does not show, select Add to add it manually. Depending on the selection here, the next dialog (Printer Configurations) offers options like,
Print via Network
If a printer is locally attached, it shows in the list and the check boxes (Local & Remote) are already checked. In this case, select Edit to configure it with the proper driver. If the printer does not show up in the upper part, it is necessary to configure it manually by selecting Add. Next, select Connection Wizard; there are five sections.
Parallel Port (For Dot Matrix Printer type only)
USB Port (For DeskJet/Laserjet and this type)
Serial Port (Generally not in use)
Bluetooth (Connection via this type only)
SCSI (Generally not in use)
Note: To see if HPLIP is installed properly, open terminal and type as: hp-setup and on next dialog box comes as Choose Connection Type and then follow on-screen instructions.
Tips: To know more about HPLIP commands, simply type hp- and press the TAB key twice, or type hp-toolbox and see how easy it is to install HP printers on Linux systems. I recommend that, before installing any HP printer, you install the HPLIP software including the HP plug-ins for smooth operation.
TCP Port (AppSocket/JetDirect) (For HP JetDirect Printer only)
Line Printer Daemon (LPD) Protocol (Almost not in use)
Microsoft Windows/SAMBA [SMB/CIFS] (Printer which is connected to an OS other than Linux)
Traditional UNIX Server (LPR)
Specify Arbitrary Device URI (Also called Device URI)
Send Print Data to Other Program (pipe)
I am discussing here the most important ones, which are based on the network….
IPP is based on the HTTP protocol. This is the preferred protocol for a forwarding queue between CUPS servers. The port number of IPP is 631.
Device URI (Universal Resource Identifier) can be used to specify, or rather configure, a printer.
LPD is described in RFC 1179, which is found at www.ietf.org/rfc.html. The port number is 515.
SAMBA (SMB/CIFS, Server Message Block / Common Internet File System) supports printing on printers connected to an OS other than Linux or, better to say, a Windows share. The port numbers are 137, 138 and 139
TCP Port (AppSocket/JetDirect) is used to connect to a printer equipped with a network port, such as an HP JetDirect system. The port numbers are 9100 or 35.
Add a Printer from the Command Line….
After collecting the necessary information, like the PPD (PostScript Printer Description) file and the name and model of the printer, you may type the following to connect a printer! (of course with root privileges)
lpadmin -p queue -v device-URI -P PPD-file -E
-p specifies the print queue name, while -v sets the device URI attribute of the printer queue and -P is used to specify the PPD file.
Caution: Never use -E as the first option. There it implies the use of an encrypted connection, whereas as the last option it enables the printer to accept jobs.
To install a parallel printer, type:
lpadmin -p ps -v parallel:/dev/lp0 -P /usr/share/cups/model/xxxx.ppd.gz -E
Here /dev/lp0 means the first parallel port of the printer, and xxxx.ppd.gz is the name of the PPD file.
Once again, to add a network printer, type:
lpadmin -p ps -v socket://ipaddr:9100/ -P /usr/share/cups/model/xxxx.ppd.gz -E
Here, 9100 is the port number and ipaddr means the IP address of the computer where the printer is locally attached / installed.
Notes: Documentation for these command line tools is installed with the package cups in /usr/share/doc/packages/cups/, for example:
1. CUPS Software Users Manual: sum.html and sum.pdf
2. CUPS Software Administration Manual: sam.html and sam.pdf
There are two styles of managing printers.
1. Berkeley Style and
2. System V Style
Compared with Berkeley Style, System V Style provides a more extensive range of features for printer administration.
Generate a print job: Berkeley Style –
System V Style –
If you want to disable duplex printing just insert duplex=none before the printfilename.
To view possible options: lpoptions -l
Tips: For more information, type as man lpr and man lp
See the print jobs: lpq -P or lpstat -o -p
Cancel/Delete Print Jobs: lprm -P jobno or cancel jobno
Enable printer queue: /usr/bin/enable
Disable printer queue: /usr/bin/disable
Reject print jobs: /usr/sbin/reject
Accept print job: /usr/sbin/accept
Note: The reject command is useful when you need to perform maintenance on a printer and it will not be available for a significant period of time. lpstat -a shows information on the accepting states of a queue.
To use the Web Interface for printer configuration: http://<ipaddr>:631, e.g. 192.168.1.1:631 or http://localhost:631
Remember, Common Unix Printing System or CUPS is the default printing system used in most Linux OS. The main configuration file is /etc/cups/cupsd.conf. Information on print queues is kept in /etc/cups/printers.conf. The PPD files are generally located in /etc/cups/ppd/. The defined queues file is /etc/printcap.
To create a member of the CUPS administration group sys: lppasswd -a root -g sys
Here is the CUPS URL
There is a lot more to tell about printer installation for various types or models of printers on Linux systems. I will come back to it in my next blog (SuSE Linux at a Glance in View of Rechil Part-3). Needless to say, a network card can also be configured through the command line.