Blog Archives

Howto: Sonicwall SSL-VPN (NetExtender) on Windows 8.1

Those familiar with the Sonicwall SSL-VPN 2000 appliance and Windows are used to connect to the SSLVPN using the NetExtender software. Older versions of the NetExtender appliance will still offer this software when connected using the browser.There are various forums actually providing instructions on how-to install this old software on Windows 8.1. Most include instructions like disabling the WHQL (windows driver signing) check leaving your system vulnerable. Once the software is installed you will prob run in to various issues including: RRAS isn’t addressed properly, Unable to connect even though authentication is working fine, no routes are being added after a successful connection is established.

Not many people seem to know that Sonicwall mobile vpn provider is a build-in option in windows 8.1. It is -obviously- also the preferred method to connect. Naturally because all the Windows security mechanisms are kept in place using the readily available Sonicwall mobile provider. The instructions below will guide you through the steps required to configure an VPN profile for the SSLVPN appliance and offers an alternative to the older NetExtender software. Additionally consider the maintenance options you have implementing these using domain policies 😉 

  1. Type: Windows key + S;
  2. In the search field type: VPN;
  3. Select the ‘manage virtual private networks’ option;
  4. Select ‘Add a VPN Connection’;
  5. In the ‘VPN provider’ select the ‘Sonicwall Mobile Connect’ option;
  6. Type a descriptive name in the ‘Connection name’ field;
    (this name will be visible throughout windows)
  7. In the ‘Server name or Address’ field type the webadress without the protocol portion. example:
    NetExtender: https://vpn.company.com
    Adress field: vpn.company.com
  8. Select save;
  9. Close all the windows;
  10. Type: Windows key + S;
  11. In the search field type: VPN;
  12. Now select ‘Connect to a network’;
  13. Select your created profile;
  14. In the username field use the following:
    domain\username (remember the domain portion is case sensitive!)
  15. Type your password;
  16. Connect.

If all is correct the connection should come up without any problems. If this is not the case, then please review the advanced settings. These settings are available in the ‘manage virtual private networks’ by selecting the ‘edit’ option on the created profile. (steps 1/3).

You can simply review the routes as follows:

  1. Type: Windows key + R;
  2. In the run field type: powershell;
  3. Run the command: route print | Out-GridView;

Hope this helps.

p.s.
If you have already disabled driver signing in a previous attempt, then please re-enable it.
Driver root kits are fairly common and a real risk!

Advertisements

Exact Globe, folder allready exists during CLIOP export to network.

On Windows 7.

If you get an error message suggesting that the user doesnt have the correct rights to create a new directory inside the designated CLIOP export networkpath. This might be, because you are running Exact in an elevated state (as administrator). This is needed by some users to netupdate the client, but will cause all sorts of problems when the client is used in this state.

To resolve this problem, verify that the user has the proper rights on the designated network location. This can simply be done by opening the path in windows explorer, next create a folder and file. If this is succesfull the network rights are correct (so you dont need to create a new support call 😉

Next verify that the exact client isnt running as administrator. You can verify this by rightclicking the shortcut, and then select properties. Locate the ‘Compatibility’ tab, and verify that the checkbox ‘run as administrator’ isnt checked. IF it is, uncheck it and apply the new settings.

If network policies allow, also verify that the checkbox isnt checked on the exact binairy inside the exact installation dir.

I hope this helps 🙂

Rgrds, Chris

Optimize Windows Server TCP/IP settings

When you are installing windows Server 2003 from the box, you should always realize that the TCP settings used might not be optimal for the network environment in which the server was installed. The default settings used by Windows are optimized by the windows OS and will ensure a stable and sure data flow, but in some cases these settings can be optimized using a series of registry settings.

Read the rest of this entry

peimg.exe missing? here is how to fix it :)

Facts.

peimg is not being used anymore in the WAIK for windows 7. Instead you need to use the dism command. because the help is hidden pretty well, here is the Help you prob. are looking for 🙂

To get all the available options on the “offline” wim image provided by dism you need to run the following.


# Mount the image as usual (use the WAIK command line from the start menu

imagex /mountrw C:\path\to\image.wim {1/2}* C:\path\to\mount-dir\

*There can be multiple images in a wim image, for boot.wim these are 1 = Microsoft Windows PE, 2= Microsoft Windows Setup. The 1 or 2 in the given command selects the required image.

#To get all the dism options type the following;
dism /image:C:\path\to\mount-dir /?

Keep in mind that sub options have new help menus. For example, adding additional drivers has new help instructions that are accasible by calling;

dism /image:c:\path\to\mounted\image /add-driver /?

All the base options provided by dism

Image Version: 6.1.7600.16385

The following commands may be used to service the image:

UNATTEND SERVICING COMMANDS:
/Apply-Unattend - Applies an unattend file to an image.

DRIVER SERVICING COMMANDS:
/Remove-Driver - Removes driver packages from an offline image.
/Add-Driver - Adds driver packages to an offline image.
/Get-DriverInfo - Displays information about a specific driver
in an offline image or a running operating system.
/Get-Drivers - Displays information about all drivers in
an offline image or a running operating system.

WINDOWS PE COMMANDS:
/Apply-Profiles - Applies profiles to the Windows PE image.
/Disable-Profiling - Disables profiling.
/Enable-Profiling - Enables profiling.
/Get-PESettings - Displays Windows PE image information.
/Get-Profiling - Gets the enabled/disabled state of the Windows PE
profiler.
/Get-ScratchSpace - Gets the configured amount of Windows PE system
volume scratch space.
/Get-TargetPath - Gets the target path of the Windows PE image.
/Set-ScratchSpace - Sets the scratch space of the Windows PE image.
/Set-TargetPath - Sets the target path of the Windows PE image.

INTERNATIONAL SERVICING COMMANDS:
/Set-LayeredDriver - Sets keyboard layered driver.
/Set-UILang - Sets the default system UI language that is used
in the mounted offline image.
/Set-UILangFallback - Sets the fallback default language for the system
UI in the mounted offline image.
/Set-UserLocale - Sets the user locale in the mounted offline image.
/Set-SysLocale - Sets the language for non-Unicode programs (also
called system locale) and font settings in the
mounted offline image.
/Set-InputLocale - Sets the input locales and keyboard layouts to
use in the mounted offline image.
/Set-TimeZone - Sets the default time zone in the mounted offline
image.
/Set-AllIntl - Sets all international settings in the mounted
offline image.
/Set-SKUIntlDefaults - Sets all international settings to the default
values for the specified SKU language in the
mounted offline image.
/Gen-LangIni - Generates a new lang.ini file.
/Set-SetupUILang - Defines the default language that will be used
by setup.
/Get-Intl - Displays information about the international
settings and languages.

PACKAGE SERVICING COMMANDS:
/Add-Package - Adds packages to the image.
/Remove-Package - Removes packages from the image.
/Enable-Feature - Enables a specific feature in the image.
/Disable-Feature - Disables a specific feature in the image.
/Get-Packages - Displays information about all packages in
the image.
/Get-PackageInfo - Displays information about a specific package.
/Get-Features - Displays information about all features in
a package.
/Get-FeatureInfo - Displays information about a specific feature.
/Cleanup-Image - Performs cleanup and recovery operations on the
image.

For more information about these servicing commands and their arguments,
specify a command immediately before /?.

Examples:
DISM.exe /Image:C:\test\offline /Apply-Unattend /?
DISM.exe /Image:C:\test\offline /Get-Features /?
DISM.exe /Online /Get-Drivers /?

Elevation and altering hosts / system files in windows7

In the past days we started to roll out the first of many windows 7 clients we noticed that some of my collegues where having trouble altering system configuration files. One of the files that was most discussed was the local hosts file that allows you to configure name to ip mappings on the local machine.

The reason this file can`t be edited on the fly is because you need to ‘elevate’ the editor or command prompt to gain write permissions inside the windows folder. Even though you ‘might’ be part of the local administrators groep doesnt mean these priviledges are available on the fly as was the case in XP. Disabling the UAC in this matter will only remove the ‘warnings’ from your screen but still doesnt mean the ‘elevation’ can be skipped for administrative tasks.

In some cases windows 7 will run an program as administrator (elevated) by default, in these cases a ‘small bleu/yellow shield’ will be displayed near the link. In all other cases elevation should be done by ‘you’ or progamatically by the program itself.

But how to elevate in windows 7?

Run single command as administrator
1. open the start menu and locate the ‘search programs and files’ field.
2. In the field type the following command:
notepad c:\%systemroot%\system32\drivers\etc\hosts
3. Next execute this command using the following key combination:
press-hold ‘control + shift’ and hit enter.
4. confirm the UAC message warning you for the elevation.

Step 4 can be used with alternative executables as well but only works (could be a bug) in the ‘search programs and files’ field. Using the ‘windows-key + r’ to open the ‘run dialog’ wont allow you to elevate using the ‘control + shift’ combination.

Shortcut manually as administrator
In XP there was a somewhat ‘hidden’ feature called the ‘run as’ option that appeared when a shortcut was rightclicked while holding the left shift key. In windows 7 microsoft now shows a ‘run as administrator’ option by default (thanks for that 🙂 ). This means that ‘any’ shortcut can be ran as administrator (elevated) by simply right-clicking it and selecting the ‘run as administrator’ option.

Set shortcut to allways run as administrator
If you like to run programs as administrator by default you will need to create a shortcut on your desktop. Next edit the properties of the shortcut and locate the ‘compatibility’ tab. In the bottom there should be an option called ‘privilege level’ that allows you to set the ‘magic switch’ called ‘run this program ad an administrator’.

Scripts as administrator?
Scripts are always a fun part when it comes to elevation. One thing to take notice about is that non-functioning login scripts are usualy caused by default policies that are in place inside the windows7 host. In other words ‘Configuration errors’. Please refference the microsoft documentation about this.

For all other ‘scripting’ tasks if elevation is required from within your script, have a look at the powertoys ‘elevation’ found here,
http://technet.microsoft.com/en-us/magazine/2008.06.elevation.aspx

Other ‘tricks’ that i have seen used where executing ‘other’ vb scripts from the initial script using a ‘runas wscript’ shell command. Downside is that you might need to hardcode passwords in there wich i think is a ‘worst’ practise in any situation and shouldnt be used. I leave the choice to you on this subject.

Hope this helps.
Rgrds,

Adding Statical Routes.

SUSE

#Replace the eth0 in ifroute-# with the actual interface in your box.
vim /etc/sysconfig/network/ifroute-eth0

#Add the following rule with this structure
#[Dest IP Addr] [GW IP Addr] [Subnet Mask] [Device]
10.0.0.2 100.0.0.1 255.255.255.255 eth0

#Save the file

RHEL/ OEL

#Replace the eth0 in route-# whti the actual interface in your box.
vim /etc/sysconfig/network-scripts/route-eth0

#Add the route information like so;
ADDRESS0=10.0.0.2
NETMASK0=255.255.255.255
GATEWAY0=100.0.0.1

ADDRESS1=ip.ip.ip.ip
NETMASK1=msk.msk.msk.msk
GETWAY1=gw.gw.gw.gw

#Save the file

WINDOWS

route -p add 10.0.0.2 mask 255.255.255.255 100.0.0.1 metric 1

# Stored in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

OEL5.3

Howto Linux X-Server on windows.

Whats this?
Oke here a small but hopefully “strong” little tutorial on how to “display” linux X compontents on your windows desktop. This might help you administer linux machines easier without the need to install a VNC deamon or have X enabled or even installed on the remote Linux box.

Read the rest of this entry

Installing Nvidia Quadro display drivers on Windows 7 Professional.

Oke, first off this I will not guarantee that this will not cause any problems in the future, or that this method will work for you!
As you might have noticed there are no supported Quadro drivers for windows 7 at this very moment, But do check the vendor site for any updates before attempting this work arround
.

When to apply
1. Setup halts with an error stating the opperating system isnt correct.

What to try first?
1. Try the Vista Drivers first, they usually install without any error messages. This is still no guarantee that the driver will function properly.

WARNING!
If your display isnt working afterward, do use the “Savemode” option (F8/boot options) to rollback the driver installation. Be sure to understand this before attempting the installation. Creating a restore point might also work out for you.

Work-Arround
1. oke, download the drivers for your system (Mine where on the Dell site as expected 😉
2. Unpack the drivers to your disk (c:\dell\drivers\#####\, or c:\NVIDIA\)
3. Find the “Setup.exe” file
4. Rightclick it, and find the tab compatibility
5. Select “Windows Vista [distr.] SP3”
6. Select Apply > Ok.
7. Rightclick the setup.exe again (if the next option doesnt show, press hold the left shift key while right clicking)
8. Select “Run as administrator”
9. Follow the Installer, and reboot afterward as usual.

Any keynotes, other solutions, other sources? Please be so kind to share them 🙂

Good Luck and hope this helped 😉

Hide drives in Windows XP.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]

Drives refference (Binairy), please not that the registry entry (Reg_Dword) is HEX by default.

A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024, L: 2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144, T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216, Z: 33554432, ALL: 67108863

If multiple drives are hidden, then the sum of values apply to the key. I.e.

Hiding “C: & D:”
C: 4 + D: 8 = 12, in which case the regkey should get the value “12” binairy or “12” Hex 😉

Memo : Windows Server 2008 Core Commands

Well if i ever need to do something like setting an IP on a Windows server 2008 Core machine, this is where i can find the manuals.

http://technet.microsoft.com/en-us/library/cc753802.aspx

Nice product for a stub location though 😀