Tuesday, December 20, 2005

Private key

Q. How can I export and import my private keys from one machine to
another?

A. By default, private keys are stored in the requesting user's or
computer's certificate store. If you use multiple machines, you might
want your private key on multiple machines. To do so, perform these
steps:
1. Start the Microsoft Management Console (MMC) (Start, Run, MMC).
2. From the File menu, select Add/Remove Snap-in.
3. Select the Standalone tab and click Add.
4. Select Certificates and click Add. Click Close.
5. Click OK to the main Add/Remove Snap-in dialog box.
6. Select Certificates, Current User, Personal, Certificates.
7. In the right pane, right-click the certificate you want to export
(e.g., Exchange User) and select All Tasks, Export, from the context
menu.
8. Click Next to the Export Wizard welcome dialog box.
9. Select "Yes, export the private key" and click Next.
10. Leave the default export options and click Next.
11. Enter a password for the export and click Next.
12. Enter a location and name for the exported key and click Next.
13. Click Finish in the summary dialog box.
14. Click OK to the export confirmation dialog box.

Copy the exported key file to another machine and perform the following
steps to import the key:
1. Start the MMC console.
2. From the File menu, select Add/Remove Snap-in.
3. Select the Standalone tab and click Add.
4. Select Certificates and click Add, then click Close.
5. Click OK to the main Add/Remove Snap-in dialog box.
6. Select Certificates, Current User, Personal, Certificates.
7. Right-click Certificates and select Import from the context menu.
8. Click Next at the Import Wizard welcome screen.
9. Enter the name of the file to import, as Figure 18
(http://list.windowsitpro.com/t?ctl=1B162:24641) shows,
and click Next.
10. Enter the password for the export file and, optionally, select
the check box to enable the key to be exportable again in the future.
Click Next.
11. Select the option to store the certificate in the default
Personal store and click Next.
12. Click Finish to complete the import.
13. Click OK to the import confirmation message.
After the import is complete, encrypted messages will be readable on
the additional machine.
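
The same export and import can be scripted. The following is an added example, not part of the original post; it assumes the PKI module cmdlets Export-PfxCertificate and Import-PfxCertificate (Windows 8 / Server 2012 and later), and the thumbprint and file path are placeholders. It checks that a private key is present, restricts access to the exported file, and imports the key as non-exportable unless asked otherwise.

```powershell
# Added example, not from the original post.
# Thumbprint and file path used below are placeholders.

function Export-UserKey {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][securestring]$Password
    )
    # Same store as MMC: Certificates, Current User, Personal, Certificates.
    $cert = Get-Item "Cert:\CurrentUser\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key in this store."
    }
    # Fails with an error if the key was installed as non-exportable.
    Export-PfxCertificate -Cert $cert -FilePath $Path -Password $Password |
        Out-Null
    # The .pfx now holds the private key: limit the file to the current user.
    icacls $Path /inheritance:r /grant:r "$env:USERDOMAIN\$($env:USERNAME):F" |
        Out-Null
}

function Import-UserKey {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][securestring]$Password,
        [switch]$Exportable   # leave off so the key cannot be re-exported
    )
    $cert = Import-PfxCertificate -FilePath $Path -Password $Password `
        -CertStoreLocation 'Cert:\CurrentUser\My' -Exportable:$Exportable
    if (-not $cert.HasPrivateKey) {
        throw "Import finished but no private key was installed."
    }
    Remove-Item $Path     # do not leave the key file behind after import
    $cert.Thumbprint
}

# Usage (first on the source machine, then on the target machine):
#   $pw = Read-Host 'Export password' -AsSecureString
#   Export-UserKey -Thumbprint '<THUMBPRINT>' -Path "$env:USERPROFILE\key.pfx" -Password $pw
#   Import-UserKey -Path "$env:USERPROFILE\key.pfx" -Password $pw
```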

Friday, November 25, 2005

Checking If File Is In Use

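// Requires Windows and SysUtils in the unit's uses clause.
function IsFileInUse(fName : string) : boolean;
var
  HFileRes : THandle; // CreateFile returns a THandle
begin
  Result := false;
  if not FileExists(fName) then exit;
  // Share mode 0 requests exclusive access, so the open fails
  // while any other handle to the file exists.
  HFileRes :=
    CreateFile(pchar(fName),
      GENERIC_READ or GENERIC_WRITE,
      0, nil, OPEN_EXISTING,
      FILE_ATTRIBUTE_NORMAL,
      0);
  // Any open failure (including access denied) is reported as "in use".
  Result := (HFileRes = INVALID_HANDLE_VALUE);
  if not Result then
    CloseHandle(HFileRes);
end;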

Wednesday, August 31, 2005

Copy User Profile

Q. I'm trying to copy a user profile but the Copy To button is grayed
out in the dialog box in the System Control Panel applet. How can I
access this functionality?

A. The grayed out Copy To button usually occurs when you try to copy a
profile that has been used since the computer has been started. Reboot the
computer and don't log on as the profile you're trying to copy. The Copy To
button should now be available. Also remember that you can't copy the
profile you're currently logged on as.

How can I set the default domain user profile?

Most people are aware that you can set the default base profile on a per-
workstation basis by replacing the "C:\Documents and Settings\Default User"
folder on each local workstation. However, instead of performing this action
on every workstation, you can specify a domainwide default profile. To do
so, you need to save the required profile to the domain's Netlogon folder
under the name "Default User" by performing the following steps:
1. Create a profile that you want to use as the default profile for all
new users and log off as the user.
2. Log on to the workstation as a domain administrator.
3. Start the System Control Panel applet (Start, Settings, Control Panel,
System).
4. Select the Advanced tab.
5. Click Settings in the User Profiles section of the tab.
6. Select the profile you created in the first step and click Copy To.
7. In the "Copy profile to" field, enter a location of
\\<domain controller>\netlogon\default user. In the "Permitted to use" field,
click Change and set to Everyone, as the figure at
http://list.windowsitpro.com/t?ctl=1218F:24641
shows. Click OK.
8. Click OK to the User Profiles dialog box, then click OK to the System
Properties dialog box.

When a new user logs on to a workstation for the first time, he or she will
now have a profile based on the default profile stored on the Netlogon
share. However, because end users can easily change these default profile
settings, you'll typically want to use Group Policy instead of this method
to set the mandatory configuration options. Group Policy settings will
override attempts by the user to modify the profile settings.

WMI Mac address

Q. How can I use Windows Management Instrumentation (WMI) to enumerate MAC
addresses on a machine?

A. You can enumerate a machine's list of network adapters and find the
associated MAC address. The following sample code, which you can
download at
http://list.windowsitpro.com/t?ctl=12191:24641, prints out
the network adapter name and the MAC address. Because of space limitations,
some lines wrap to two lines.

Dim objNetworkAdapters, objAdapter, objWMI

Set objWMI = Nothing
Set objWMI = GetObject("winmgmts:")

' Get a list of IP-enabled adapters.
Set objNetworkAdapters = objWMI.ExecQuery("select * from " & _
"Win32_NetworkAdapterConfiguration where IPEnabled = 1")

For Each objAdapter In objNetworkAdapters
    wscript.echo "Network adapter: " & objAdapter.Caption & " has MAC " & _
        "address " & objAdapter.MacAddress
Next

Here's a sample execution output showing two adapters on the machine:

D:\temp>cscript getmac.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Network adapter: [00000009] Broadcom 570x Gigabit Integrated Controller has
MAC address 00:0F:1F:25:DC:76
Network adapter: [00000014] Intel(R) PRO/Wireless 2200BG Network Connection
has MAC address 00:0E:35:6E:2C:B4

Monday, August 29, 2005

Delphi - ForceDirectories

var sDir : string;

sDir := 'c:\apps\code\free';

// If the sDir path does not exist, create it (including missing parent folders).
if not DirectoryExists(sDir) then
  ForceDirectories(sDir);

Friday, July 29, 2005

Do any special virus-scanning considerations exist for domain?

Protecting your DCs from viruses is vital. Here are some important
guidelines you should follow:
- Ensure that the antivirus software is certified for the version of
Windows you're running.
- Use antivirus software that's Active Directory (AD)-aware.
- Don't perform actions from a DC that might make it more
susceptible to viruses (e.g., surfing the Web).
- Avoid using a DC as a file share if load on the machine is a
concern; the additional work involved in virus-scanning files on the
shares will stress the DC.
- Don't place the AD or File Replication Service (FRS) database and
log files on a compressed NTFS volume.
- Ensure that your virus scanner doesn't scan the following AD
database files. (These are the default locations, so you might need to
modify the pathnames if you specified nondefault folders during AD
creation.)
  - %windir%\ntds\ntds.dit
  - %windir%\ntds\ntds.pat
  - %windir%\ntds\EDB*.log
  - %windir%\ntds\Res1.log
  - %windir%\ntds\Res2.log
  - %windir%\ntds\Temp.edb
  - %windir%\ntds\Edb.chk

- Ensure that your virus scanner doesn't scan the following FRS
files. (These are the default locations, so you might need to modify
the pathnames if you specified nondefault folders during AD creation.)
  - %windir%\ntfrs\jet\ntfrs.jdb
  - %windir%\ntfrs\jet\sys\edb.chk
  - %windir%\ntfrs\jet\log\*.log

- Also exclude these SYSVOL areas:
  - %windir%\sysvol\staging areas
  - %windir%\sysvol\sysvol
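
Because the paths above are only the defaults, the exclusion list is safer to build from the folders the DC actually uses. The following is an added example, not part of the original post. It reads the folder locations that NTDS, NTFRS and Netlogon record in the registry and marks every entry that differs from the defaults. The function name is hypothetical, and the folder for ntds.pat and the staging folder beside SYSVOL are assumptions.

```powershell
# Added example, not from the original post. Run locally on a DC.
# The function only reads registry values and returns a list of paths.
function Get-DcScanExclusion {
    $svc  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $ntds = Get-ItemProperty "$svc\NTDS\Parameters" -ErrorAction Stop
    $nl   = Get-ItemProperty "$svc\Netlogon\Parameters" -ErrorAction Stop
    $frs  = Get-ItemProperty "$svc\NtFrs\Parameters" -ErrorAction SilentlyContinue

    $dbFile = $ntds.'DSA Database file'          # default %windir%\ntds\ntds.dit
    $dbDir  = Split-Path $dbFile
    $logDir = $ntds.'Database log files path'
    $wrkDir = $ntds.'DSA Working Directory'

    $list = @(
        $dbFile
        # ntds.pat: its folder is an assumption, so both candidates are listed
        Join-Path $dbDir  'ntds.pat'
        Join-Path $logDir 'ntds.pat'
        Join-Path $logDir 'EDB*.log'
        Join-Path $logDir 'Res1.log'
        Join-Path $logDir 'Res2.log'
        Join-Path $wrkDir 'Temp.edb'
        Join-Path $wrkDir 'Edb.chk'
    )
    if ($frs -and $frs.'Working Directory') {    # absent where FRS is not used
        $jet = Join-Path $frs.'Working Directory' 'jet'
        $list += Join-Path $jet 'ntfrs.jdb'
        $list += Join-Path $jet 'sys\edb.chk'
        $list += Join-Path $jet 'log\*.log'
    }
    # SysVol value points at ...\sysvol\sysvol; staging is assumed beside it.
    $sysvol = $nl.SysVol
    $list += $sysvol
    $list += Join-Path (Split-Path $sysvol) 'staging areas'

    $list | Sort-Object -Unique
}

# Mark every entry that is outside the default locations listed above.
Get-DcScanExclusion | ForEach-Object {
    $default = $_ -like "$env:windir\ntds\*" -or $_ -like "$env:windir\ntfrs\*" -or
               $_ -like "$env:windir\sysvol\*"
    '{0}  {1}' -f $(if ($default) { 'default   ' } else { 'NONDEFAULT' }), $_
}
```

Entries marked NONDEFAULT are the ones a scanner configured only with the default paths would still scan.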

Disable Microsoft "Genuine Advantage"

Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:
javascript:void(window.g_sDisableWGACheck='all')

It turns off the trigger for the key check.

Removing messenger from XP

RunDll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove

Thursday, July 07, 2005

Switching Kerberos authentication from UDP to TCP

1) Open HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
2) Create a new DWORD value MaxpacketSize with a decimal value of 1.
3) Restart the computer.

Tuesday, June 28, 2005

Q. Which ports do you need to open on a firewall to allow PPTP and L2TP?

A. To enable VPN tunnels between individual host computers or entire
networks that have a firewall between them, you must open the following
ports:
PPTP
- To allow PPTP tunnel maintenance traffic, open TCP 1723.
- To allow PPTP tunneled data to pass through the router, open Protocol
ID 47.

L2TP over IPSec
- To allow Internet Key Exchange (IKE), open UDP 500.
- To allow IPsec Network Address Translation (NAT-T), open UDP 5500.
- To allow L2TP traffic, open UDP 1701.