Network Administrator Knowledgebase


March 24, 2008  3:13 PM

VMware Workstation v6.0.3 Build 80004 Released

Michael Khanin Michael Khanin Profile: Michael Khanin

New features in VMware Workstation include:
Windows Vista support: Users can deploy Windows Vista as a guest or host operating system, facilitating re-hosting of legacy systems, enabling upgrade and migration projects with minimal end-user disruption and simplifying Windows Vista evaluations.
Multiple monitor display: Users can configure one virtual machine to span multiple monitors or multiple virtual machines to each display on separate monitors with this industry-first capability, enhancing desktop productivity.
USB 2.0 support: Users can take advantage of high-performance peripherals such as Apple iPods and fast storage devices.
ACE authoring capabilities: As a companion to VMware Workstation 6, VMware now offers a VMware ACE Option Pack, which enables VMware Workstation 6 users to create secure, centrally manageable virtual machines. Mobility is one of the primary benefits of this Option Pack, as it allows users to securely transport virtual machines on portable media devices such as USB memory sticks.
Integrated Physical-to-Virtual (P2V) functionality: Users can create a virtual machine in minutes by “cloning” an existing physical computer.
Integrated virtual debugger: Users can deploy, run and debug programs inside a virtual machine directly from their preferred integrated development environments (IDE‘s), accelerating debugging with this industry-first integra-tion with Eclipse and Microsoft Visual Studio.
Background virtual machine execution: Users can run virtual machines in the background without the VMware Workstation user interface for an unclutte-red user experience.
Automation APIs: Users can write scripts and programs that automate and help quicken virtual machine testing with support for VIX API 2.0.

In addition, VMware Workstation 6 advances the state of the art in virtualization technology with groundbreaking new capabilities including:
Continuous virtual machine record and replay (experimental): Users can record the execution of a virtual machine, including all inputs, outputs and decisions made along the way. On demand, the user can go “back in time” to the start of the recording and replay execution, guaranteeing that the virtual machine will perform exactly the same operations every time and ensuring bugs can be reproduced and resolved.
Virtual Machine Interface (VMI) support (experimental): VMware Workstation 6 is the first virtualization platform to allow execution of para-virtualized guest operating systems that implement the VMI interface.
VMware Workstation 6.0.3 Release Notes.

March 18, 2008  3:56 PM

Vista SP1 is available to Public

Michael Khanin Michael Khanin Profile: Michael Khanin

Microsoft JUST released to public Windows Vista SP1

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b0c7136d-5ebb-413b-89c9-cb3d06d12674


March 10, 2008  8:05 PM

Windows SharePoint Services 3.0 (WSS 3.0) and Form Base Authentication

Michael Khanin Michael Khanin Profile: Michael Khanin

I believe that these days it is not necessary to explain what SharePoint is.  Everyone at least heard the name. I would like to talk about how to install Windows SharePoint Services 3.0 and how to configure it to work in Form Base Authentication mode. You can ask me why Form Base Authentication Mode? There are several reasons for choosing it. One of them was to provide a Web Hosting with SharePoint enabled service. By using Form Base Authentication mode Webmaster can manage users directly through web interface. In this mode all users stored in MS SQL database, so webmaster does not need to have any permission on server or entire network.

So, let’s start from scratch, step by step.
The first step is to Install Internet Information Service (IIS). To do this I really recommend using “Manage Your Server” from Administration Tools and add a new role, Application server (IIS, ASP.NET). Please keep in mind NOT to do all this stuff on Domain Controller, please install WSS 3.0 on Member server.  After IIS successfully installed, start installation of Microsoft .NET Framework Version 2.0 Redistributable Package. If Microsoft .NET Framework Version 2.0 Redistributable Package was already installed, please reinstall it after IIS installation. When we finish with Microsoft .NET Framework Version 2.0 Redistributable Package, we have to install Microsoft .NET Framework 3.0 Redistributable Package. If Microsoft .NET Framework Version 3.0 Redistributable Package was already installed, please reinstall it after IIS installation. So far, so good. We are ready to start MS SQL 200x installation process. It is really straight forward process, so I’m not going to explain how to press NEXT NEXT NEXT :).

By this point, we already have IIS 6 and MS SQL Server installed on our server. Before we continue, PLEASE install last windows updates, at least for IIS and MS SQL.
When all new updates installed we are ready to start installation of Windows SharePoint Services (WSS 3.0). On “Chose the installation you want” screen select “Advance”.

On the next screen make selection according to the following picture:

When setup process completed, make sure to leave checkbox selected on the “Run the SharePoint Products and Technologies Configuration Wizard” and click ‘Close” button.

The “SharePoint Products and Technologies Configuration Wizard” should start immediately. On one of the next screens make selection about “farm” settings. In my case, I selected according to the following picture.

OK, now we have to provide information about our SQL server. You can see what I set on my server:

Make sure to check the next screen:

By clicking on “Advance” button on the next screen you will see some information necessary for setting up “Active Directory Account Creation Mode”, but we will speak about this in another article, right now just remember about this. So, we are not going to click on “Advance” button :) we just click on NEXT button and relax for a next few minutes until wizard completed.

OK, now we have to create our first “Web Application”. To do this we should start “SharePoint 3.0 Central Administration“ and go to the “Application Management” tab. On this tab we have to select “Create or extend Web application“.

On the next screen click on the “Create a new Web application”. Fill out all necessary information. Be careful in “Application Pool” section. Take a look at my application:

Of course, you can use other user account, not Administrator, but when I make a configuration, I prefer not to waste time on security issues and use Administrator account. When I get a working system I’m starting a hardening process and perform a security tasks. When Application created, we need to create a new site collection.  This process is straight forward, so I don’t what to provide any additional information about it. After all stuff that we did we can start IE and navigate to the http://localhost. We should gate something like this one:

At this point we can start setting up Form Base Authentication mode. Let’s allow the Anonymous access to our web site. We need to come back to our “SharePoint 3.0 Central Administration” and go to “Application Management” tab. On that tab go to Application Security section and click on “Authentication providers” link. On the next screen select your Web Application, and under “Anonymous Access” section select “Enable anonymous access” check box and then click on SAVE button. Now, when we turned on anonymous access we have to go back to our default SharePoint web site (http://localhost) and from “Site Actions” select “Site Settings”.

On the next screen click on “Advanced permissions” link and from “Settings” select “Anonymous Access

On the “Change Anonymous Access Settings: WSS 3.0” window select “Entire Web site” and click on OK button. We have enabled an Anonymous Access and we can continue to the most interesting part of this article. On the next step I recommend to install “Microsoft Visual Web Developer 2008 Express Edition” on SharePoint Server, it’s absolutely  free and could be downloaded from Microsoft. We will use “Microsoft Visual Web Developer 2008 Express Edition” later on.

One more time let’s go to the directory “C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727” and run file aspnet_regsql.exe. After a few seconds you will see “ASP.NET SQL Server Setup Wizard” window. Click NEXT button, and on the appeared window select “Configure SQL Server for application services” and YES, click NEXT again. Now we have to provide a server name where our SQL server installed and click NEXT. On the next window, you will see that wizards going to create a database aspnetdb, confirm this by clicking NEXT button and then click on FINISH button. Now, let’s open an Application Pool on our SharePoint Server and check what user we are using on “Application pool identity” screen. To do this open IIS manager, expend SERVER, Application Pools and select the pool used in SharePoint configuration. Right click on this pool and select Properties. Switch to the Identity tab. You should see a screen similar to this one:

Keep in mind, that the user used to run SharePoint application pool (On IIS server) must have permissions db_datareader and db_datawriter on just created aspnetdb database.
Now, let create a new directory, name it “UserManagement”. I created it on the following path:

C:\Inetpub\UserManagement

Inside UserManagement create a file web.config. To skip a long explanation about what should be inside this file I just show you what I have inside my:

<?xml version=”1.0″?>
<configuration>
<appSettings/>
<connectionStrings>
<clear/>
<add name=”LocalSqlServer”
connectionString=”Server=WSS3-1;Database=aspnetdb;Integrated Security=SSPI;”
providerName=”System.Data.SqlClient”/>
</connectionStrings>
<system.web>
<compilation debug=”false”>
</compilation>
<authentication mode=”Forms” />
</system.web>
</configuration>

Remember to provide a correct name of your server on the following line:

           connectionString=”Server=WSS3-1;Database=aspnetdb;Integrated Security=SSPI;”

When we done with this, we need to create a new “Virtual Directory” inside our SharePoint website. Open IIS Manager, find your SharePoint website, and right click on it, select NEW and then “Virtual Directory”.

On the “Virtual Directory Access Permissions” window allow “Read” and “Run scripts (such as ASP)” permissions. Don’t forget to go to the Properties of this virtual directory and be sure that you use the same application pool as a main SharePoint.

OK, now is time to start a “Microsoft Visual Web Developer 2008 Express Edition”. Now from directory C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG we need to open machine.config file. Inside machine.config find the following string:

“AspNetSqlMembershipProvider”

Few lines up you could see a line with following string:

“add name=”LocalSqlServer” connectionString=”

Please change this line according to the following example:

<add name=”LocalSqlServer” connectionString=”Server=WSS3-1;Database=aspnetdb;Integrated Security=SSPI;” providerName=”System.Data.SqlClient”/>

Ok, now we are going to File > Open Web site…, select Local IIS and UserManagement virtual directory:

Now, we need to start “ASP.net Web Site Administration Tool“. From the menu go to Website and select “ASP.NET Configuration“:

On the “ASP.net Web Site Administration Tool” window click on the Security link

On the next screen click on the “Select authentication type” link. Be sure that “From the internet” option selected

Now we can press DONE button. If we go to the Security tab and click on the “Create user” link we could create a new user.

All users created trough this interface will be stored inside aspnetdb database.
Now let’s open a web.config from our main SharePoint. In my case this file located at C:\Inetpub\wwwroot\wss\VirtualDirectories\80 directory. Right after line </configSections> and before <SharePoint> add the following section:

<connectionStrings>
<clear />
<add name=”LocalSqlServer” connectionString=”Server=WSS3-1;Database=aspnetdb;Integrated Security=SSPI;”
providerName=”System.Data.SqlClient” />
</connectionStrings>

Finally we have to go back to our SharePoint. Start “SharePoint 3.0 Central Administration”. Inside the SharePoint 3.0 Central Administration go to “Application Management”. Now we have to choose “Authentication providers” by clicking on the “Authentication providers” link from “Application Security” section. Pick the current Web Application and click on provider right here. Now we able to switch the Authentication Type to the Forms:

After switch to FORM we have to provide a Membership provider name. Set it to AspNetSqlMembershipProvider like I did this:

Of course, by the end click on SAVE button.

So, now we can go back to our home site and if we did all staff correctly we will be able to login by using Form Base Authentication.

Before I finish this article I’d like to show you one more thing.
By default “ASP.net Web Site Administration Tool” works ONLY locally. Here is what I did to allow using “ASP.net Web Site Administration Tool” remotely. Inside C:\Inetpub\ I created a directory ASP.NETWebAdminFiles and copy inside all content of %WINDIR%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles directory. Now, open a file App_Code\WebAdminPage.cs and change line:

return WebConfigurationManager.OpenMappedWebConfiguration(fileMap, path);

to the:

return WebConfigurationManager.OpenMappedWebConfiguration(fileMap, path,”Default Web Site”);

In the same file found the following block:

if (!application.Context.Request.IsLocal) {
SecurityException securityException = new SecurityException((string)HttpContext.GetGlobalResourceObject(“GlobalResources”, “WebAdmin_ConfigurationIsLocalOnly”));
WebAdminPage.SetCurrentException(application.Context, securityException);
application.Server.Transfer(“~/error.aspx”);
}

And remark it.

Now, create a new website that runs on port 8080 and home directory of this site should be C:\Inetpub\TEMP (without any file inside this directory). Under current website, create a new Virtual Directory (ASPADMIN) with a home directory C:\Inetpub\ASP.NETWebAdminFiles. Be sure that you use the same application pool that we use on our SharePoint website. Also, remember to check that ASP.NET version on the properties of this website and Virtual Directory. It should be 2.0.50727. In this case, I really recommend remove Anonymous access on this website.
Now, from remote computer we can use “ASP.net Web Site Administration Tool” by browsing to the following address:

http://192.168.32.10:8080/aspadmin/default.aspx?applicationPhysicalPath=C:\Inetpub\UserManagement\&applicationUrl=/UserManagement

Note: Remember to put IP address or FQDN name of your server.

At this point, I can say “The End”.


March 5, 2008  7:31 PM

Microsoft Search Server 2008 Released

Michael Khanin Michael Khanin Profile: Michael Khanin

Microsoft Search Server 2008 RTM’ed yesterday, the express edition is free!

Search Server 2008 Express Search Server 2008 Office SharePoint Server 2007


March 4, 2008  7:36 PM

Rollup 1 for Exchange Server 2007 Service Pack 1

Michael Khanin Michael Khanin Profile: Michael Khanin

Rollup 1 for Exchange Server 2007 Service Pack 1 is now released!

More information can be found here:
Description of Update Rollup 1 for Exchange Server 2007 Service Pack 1


February 28, 2008  11:14 PM

What NAP is and how it works?

Michael Khanin Michael Khanin Profile: Michael Khanin

Yesterday was the first Windows 2008 event in Canada. The first event was in Toronto and had almost 3000 attendees. Twenty MVPs participated in Ask-The-Expert and I was one of them :). One of the commonly asked questions was question about “What NAP is and how it works?

So, I’d like to show what posted on TheLazyAdmin.com about NAP:
With the recent launch of Windows Server 2008 you are no doubt spending all your free time playing around with everything new. One thing you might be playing around with is Network Access Protection. There is a great document on getting a DHCP based NAP lab set up but one thing the document is missing is how to configure the NAP client in XP SP3. In Windows Vista you simply start the service then enable the client through the NAP Client Configuration MMC (napclcfg.msc) but XP SP3 does not include the MMC. So how does one configure the NAP Client without a Nap Client configuration tool? Netsh, that is how!

To enable the NAP Client on XP SP3 you need to do the following:

  1. Start –> Run –> Services.msc
  2. Change the Network Access Protection Agent service to start automatically
  3. Start the Network Access Protection Agent service
  4. Start –> Run –> CMD.exe
  5. Type netsh nap client set enforcement ID = ##### Admin = “Enable”
  6. Start –> Run –> GPEdit.msc
  7. Drill down to Computer Configuration | Administrative Templates | Windows Components | Security Center
  8. Enable the Security Center
  9. Start –> Run –> Services.msc
  10. Start the Security Center service

You will need to replace the ##### with the ID based on whichever enforcement method you are using. You can use the following IDs for the various enforcement methods:

  • DHCP = 79617
  • RAS = 79618
  • IPSec = 79619
  • TS Gateway = 79621
  • EAP = 79623

For more labs and information see:

Step-by-Step Guide: Demonstrate IPsec NAP Enforcement in a Test Lab

Step-by-Step Guide: Demonstrate 802.1X NAP Enforcement in a Test Lab

Step-by-Step Guide: Demonstrate VPN NAP Enforcement in a Test Lab


February 28, 2008  6:15 PM

Windows Server 2008, Microsoft SQL Server 2008 and Microsoft Visual Studio 2008 Launched!

Michael Khanin Michael Khanin Profile: Michael Khanin

Yesterday was a Largest Enterprise Launch in company history includes Windows Server 2008, Microsoft SQL Server 2008 and Microsoft Visual Studio 2008; focuses on Security, Web, Virtualization and Better Business intelligence.


February 22, 2008  2:31 PM

SoftGrid 4.1 SP1 and 4.2 HFRU2 Now Available

Michael Khanin Michael Khanin Profile: Michael Khanin

This cumulative update for SoftGrid v4.1 SP1 and v4.2 provides the latest updates to SoftGrid.

New capabilities

This update provides the following new capabilities:

  • SoftGrid now supports deployment of Virtual Application .msi files that are generated by the MSI Utility for Microsoft Application Virtualization to SoftGrid clients that are running Microsoft Windows 2000 or Windows 2000 Server/Advanced Server and that have Terminal Services enabled.
  • SoftGrid 4.2 HFRU2 now supports Windows Vista Service Pack 1 (SP1).

Please Note:  The 4.1 SP1 KB article incorrectly identifies Windows Vista Service Pack 1 (SP1) as a new capability of 4.1 SP1 HFRU2.  We’re in the process of changing the article now so you should see it updated soon.

SoftGrid 4.1 SP1 HFRU2 Bits: http://support.microsoft.com/kb/938497
SoftGrid 4.2 HFRU2 Bits: http://support.microsoft.com/kb/941408


February 21, 2008  12:41 AM

Changes in Functionality from Windows Server 2003 to Windows Server 2008

Michael Khanin Michael Khanin Profile: Michael Khanin

The document describes new features and technologies, which were not available in Windows Server 2003, that will help to increase the security of computers running Windows Server 2008, increase productivity, and reduce administrative overhead.

Released on 7th Feb 2008,  containing 341 pages. Download here


February 21, 2008  12:36 AM

Group Policy Settings Reference for Windows Server 2008

Michael Khanin Michael Khanin Profile: Michael Khanin

Windows Server 2008 delivered with Administrative template files (.admx/.adml) policy settings for computer and user configurations. The policy settings included in this spreadsheet cover Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP Professional and Windows 2000.

To configure these policy settings we need use Group Policy objects (GPOs). In addition, this spreadsheet includes the following categories of security policy settings:

  • Account Policies (Password Policy, Account Lockout Policy, and Kerberos Policy)
  • Local Policies (Audit Policy, User Rights Assignment, and Security Options)
  • Event Log
  • Restricted Groups
  • System Services
  • Registry
  • File System policy settings

Download here


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: