Home domain

I’ve finally decided to set up a domain on my home network. I’m trying to decide if I should use Ubuntu Server or Windows Server 2003 (Standard Edition) as the domain controller. Currently, I have an Ubuntu server (6.06.1) running BIND9, DHCP, MySQL and Apache.

We use Windows 2000 & 2003 at work so I have more experience setting it up. I want to learn more about Linux administration, though, so that makes me lean toward Linux. There’s a write-up on HowtoForge about setting up a domain controller using Ubuntu 7.10 and Samba. I plan to follow that article if I go the Linux route.

Either OS will run fine on the system I have:

The current Ubuntu server installation isn’t using many resources. Webmin shows that it’s only using 192 MB of RAM (out of 2 GB) and 0 MB of swap. I know that Windows 2003 would use more than that just with a base OS install.

I think I’ll try to get Ubuntu working first. If I can’t get it to work, I’ll load Windows 2003. Either way, I will have Apache and MySQL running because I use Jinzora as my media server. I’ve tried running Jinzora on IIS but it didn’t run as well as it does on Apache.

A nation of sheep will beget a government of wolves. - Edward R. Morrow

29.Dec.07 Linux, Networking, Windows Comments (3)

Check the hash

Many download sites are now listing the file hash values so that users can verify that the file has not been altered by a 3rd party. There are a few programs out there to allow Windows users to verify the file hash but the easiest I’ve found is HashTab. HashTab is a shell extension that adds a tab to the Windows Explorer file properties window that allows you to see the hash values of a file.

By default, the only values it shows are CRC32, MD5 and SHA-1. Those three are the most commonly used hash types. You can also add the following values through the program settings:

According to the HashTab site, version 2.0.7 is compatible with all versions of Windows. The last version, 1.14, had separate Windows x32 and x64 installers. The older version is still available from the HashTab site.

There is no safety in numbers, or in anything else. - James Thurber

21.Dec.07 Security, Software, Windows Comments (0)

Reload!

It was inevitable. I had to reload XP on my computer at work. It had to be done because I kept having little errors pop up that would crash the explorer.exe process. The “This won’t take too long” idea turned into “Do I really need all this crap?” after I realized how much software I use almost daily.

I used nLite and RyanVM Integrator to create an XP Pro install CD that had all of my drivers and most of the MS hotfixes. The drivers were the most important. The hard drives in my workstation, a Dell Precision 490, are set up on an Intel SATA RAID. The original Windows XP Pro CD doesn’t have the drivers. Integrating the drivers made it so that I didn’t have to hit F6 during the installation start. Plus, I had the latest drivers for all of the hardware installed on first boot.

It took a while to reinstall all of the applications. Once it was done, I made a Ghost backup. Everything is running much better and faster. I’m going to start utilizing the Windows XP virtual machine (VMware Server) more for testing software. I think the installing and uninstalling of software was one factor in causing the errors.

The first program I’m going to test is DriveImage XML. It’s free, backs up to an XML file and creates hot backups because it uses Microsoft’s Volume Shadow Copy service. It looks like a pretty nice application. If it runs well on the VM, I’ll install it on my workstation so that I always have a current backup.

If it takes a lot of words to say what you have in mind, give it more thought. - Dennis Roth

29.Nov.07 Windows Comments (2)

Windows: Easy MAC address spoofing

While testing out the different NAC solutions, I wanted to see how they would handle a connection where the MAC address that was previously associated with a printer was suddenly associated with a PC. The NIC in my laptop allows me to manually change the MAC address in the NIC properties. That works but I wanted an easier way to make the changes. The solution ended up being a freeware program called Technitium MAC Address Changer.

Some of the features of Technitium MAC Address Changer include:

I’m using it tomorrow to test a Cisco NAC we have on loan. The MAC address I’m going to try is currently associated with a Cisco IP phone. According to the Cisco reps, the NAC should detect that the MAC address is being used by a different system and drop me into the quarantine role. That’s just one of a few features they said works but weren’t able to demo during the initial setup.

Men will always be mad, and those who think they can cure them are the maddest of all. - Voltaire

25.Sep.07 Networking, Software, Windows Comments (4)

Improve Windows Vista security

Microsoft released a guide, with downloads, on 11/8/2006 to help people increase the security of Windows Vista. The guidelines can be used on Vista PC’s on a domain or standalone systems. You can either follow the online guide (links on right side of page) or you can download it here. Registration is recommended but not required to download the guide.

The key tool that the Windows Vista Security Guide provides for you is the GPOAccelerator.wsf script. The tool enables you to run a script that automatically creates all the Group Policy objects (GPOs) you need to apply this security guidance. The Windows Vista Security Guide Settings.xls file that also accompanies this guide provides another resource that you can use to compare setting values.

I think it is a good move for Microsoft to pro-actively release the guide before Vista is appearing on market. They know there are ways to further harden Windows Vista so their engineers and support staff took the initiative to show how to do it.

Other Microsoft Security guides:
Windows XP Security Guide (updated 4/10/2006)
Windows Server 2003 Security Guide (updated 4/26/2006)

10.Nov.06 Security, Windows Comments (0)

« Previous Entries