Windows Network Profile Registry Keys
This is the registry key path to a Windows computer’s network profiles:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
The network profiles are for both wired and wireless connections.
The DWORD Category
value sets type of connection:
0 = Public (sharing disabled)
1 = Private (home, sharing enabled)
2 = Domain (AD, sharing enabled)
The Domain connection type also needs the DWORD Managed
value set to 1 and the the DWORD NameType
set to 6.
FYI: The biggest impact and usage for these three network types is to control the Windows Firewall (wf.msc
) rules.
To change the network Category using PowerShell see this article:
http://windowsitpro.com/powershell/how-force-network-type-windows-using-powershell
Cisco Simulator
The Cisco Network Simulator, Router Simulator & Switch Simulator
The Boson NetSim Network Simulator is an application that simulates Cisco Systems’ networking hardware and software and is designed to aid the user in learning the Cisco IOS command structure.
http://www.boson.com/
Microsoft NPS with Cisco Equipment Using RADIUS
See this article: Integrating Cisco devices CLI access with Microsoft NPS/RADIUS
Should be cheaper than Cisco’s ACS or ISE systems for small to medium 50-1000 user/computer organizations.
Think about PCI/DSS (3.0) when analyzing cost/risk/liability/brand reputation.
IIS port (socket) pooling
To add an IP address to the IP inclusion list
- Click Start, and then click Run.
- Type cmd, and then click OK to open a command prompt.
- Type the following, where xxx.xxx.x.x is the IP address you want to add:
httpcfg set iplisten -i xxx.xxx.x.x
When this succeeds, Httpcfg returns the following:
HttpSetServiceConfiguration completed with 0
To view additional status codes, see the Httpcfg help.
- After the IP address is added, use the following command to list it:
httpcfg query iplisten
Httpcfg returns the following:
IP :xxx.xxx.x.x
- From the command prompt, stop the HTTP service and its dependent services. To do this, type the following string at the command prompt:
net stop http /y
- From the command prompt, restart the HTTP service and it dependent services. To do this, type the following string at the command prompt:
net start w3svc
Note When you start w3svc, all services that were stopped when HTTP was stopped will start.
Connect to Windows Internal Database (WID) on Server 2012
There has been a change to the Named Pipe path of the Window Internal Database (WID) on Windows Servers 2012. The new path uses “tsql” instead of “sql” that has been in all previous versions.
Use this string in the “Server name” field of the “Connect to Server” dialog of the Microsoft SQL Server Management Studio program:
\\\\.\pipe\\MICROSOFT##WID\\tsql\\query
Reset Windows Offline Files Cache Database (CSC)
Use this command line to set the registry flag that controls flushing/reformatting of the Windows Offline Network Files Cache Database when Windows boots up:
REG ADD “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache” /v FormatDatabase /t REG_DWORD /d 1 /f
Windows Server Multipath I/O
You can enable the Windows Server 2008 R2 Multipath I/O (MPIO) feature from the command line using this DISM command:
[sourcecode language=”bash” wraplines=”false” collapse=”false”]
dism /online /enable-feature:MultipathIo
[/sourcecode]
To disable this feature use:
[sourcecode language=”bash” wraplines=”false” collapse=”false”]
dism /online /disable-feature:MultipathIo
[/sourcecode]
To show the currently enabled/installed features use this DISM command:
[sourcecode language=”bash” wraplines=”false” collapse=”false”]
dism /online /get-features
[/sourcecode]
VMware Networking Issues with Windows 7
If you need a Firewall between the physical host and its guest virtual machines, this workaround is not for you.
The problem is that on Windows 7 (x86/x64) the VMware virtual adapters and subnets are found and reported as “Unidentified Network”. This means that the built-in Windows Firewall can only treat the VMware networks, and thus the guest VMs, as type Public.
When the network type is set to Public, the Windows Firewall by default blocks Microsoft File & Print, and other most other network traffic, which effectively prevents useful direct communication between the physical host and its VM guests. You might, if allowed, disable the Firewall or configure exception rules for the VMware virtual subnets and/or hosts. Disabling the Firewall for all public networks is a bad security practice and managing the Windows Firewall is a tedious task that still leaves potential security holes.
Below are the instructions from the VMware Knowledge Base Article 1004813 that I used to change the VMware virtual network adapters to be endpoints. Endpoints do not show up in the “Network and Sharing Center” are also excluded from control of the Windows Firewall. This makes it easier to manage the Firewall rules and Home, Work, and Public network types for real, physical adapters.
This work around solution can be used until VMware updates their networking technology to meet current operating systems standards.
# VMware KB Article: 1004813
# Updated: Apr 29, 2010
Redefine the VMware virtual NICs as endpoint devices
This procedure is permanent and allows for the continued use of Bridged, NAT, and Host Only networking. However, doing this causes the VMware virtual NICs to disappear from the Network and Sharing Center, even though they remain visible under Network Connections. This also causes the VMware virtual NICs to be exempt from all Windows Firewall access rules. When implemented, the control of virtual machine network access must be done from the guest operating system of each virtual machine. This bypasses the default security model of Windows Vista with respect to the the VMware virtual NICs, and the implications of using this procedure must be carefully considered.
To redefine the VMware virtual NICs as endpoint devices:
- Click Start > Run.
- Type regedit and click OK.
Double-click HKEY_LOCAL_MACHINE>System>CurrentControlSet>Control>Class>{4D36E972-E325-11CE-BFC1-08002BE10318}.
Caution: VMware recommends that you back up this registry key before proceeding:
- If {4D36E972-E325-11CE-BFC1-08002BE10318} is not still highlighted, click it.
- Click File > Export.
- Pick a location and name for the Registration File (*.reg).
- Click Save.
- Click 0000.
- Look at the content of the Data field associated with the DriverDesc entry.
If you see VMware Virtual Ethernet Adapter for VMnetx , where x is replaced by a number, then:
- Right-click an empty space in the right content pane.
- Click New > Dword.
- Type *NdisDeviceType
and press Enter.
Note: Ensure to include the asterisk (*) at the beginning of the entry.- Double-click *NdisDeviceType.
- Type 1 and press Enter.
- Repeat steps 4-6, replacing 0000 in step 4 with the next entry in numerical order, until you have reached the end of all numerical entries.
- Follow the Disable the VMware virtual NICs section of this article above.
- Repeat step 8 but click Enable this network device instead.
Better DNS Servers
Free Fast Public DNS Servers
Service provider: Google
=> Google public dns server IP address:
- 8.8.8.8
- 8.8.4.4
=> Service provider:Dnsadvantage
Dnsadvantage free dns server list:
- 156.154.70.1
- 156.154.71.1
=> Service provider:OpenDNS
OpenDNS free dns server list / IP address:
- 208.67.222.222
- 208.67.220.220
=> Service provider:Norton
Norton free dns server list / IP address:
- 198.153.192.1
- 198.153.194.1
=> Service provider: GTEI DNS (now Verizon)
Public Name server IP address:
- 4.2.2.1
- 4.2.2.2
- 4.2.2.3
- 4.2.2.4
- 4.2.2.5
- 4.2.2.6
=> Service provider: ScrubIt
Public dns server address:
- 67.138.54.100
- 207.225.209.66
- 4.2.2.1
- 4.2.2.2
- 4.2.2.3
- 4.2.2.4
- 4.2.2.5
- 4.2.2.6
WinRM & WinRS multi-hop
Multi-Hop Support in WinRM
http://msdn.microsoft.com/en-us/library/ee309365(VS.85).aspx
Windows Remote Management (WinRM) supports the delegation of user credentials across multiple remote computers. The multi-hop support functionality can now use Credential Security Service Provider (CredSSP) for authentication. CredSSP enables an application to delegate the user’s credentials from the client computer to the target server. CredSSP authentication is intended for environments where Kerberos delegation cannot be used. ***Support for CredSSP was added to allow a user to connect to a remote server and have the ability to access a second-hop machine, such as a file share. ***
To configure multi-hop support using CredSSP authentication for WinRM
CredSSP must be enabled in the client configuration settings.
winrm set winrm/config/client/auth '@{CredSSP="true"}'
CredSSP must be enabled in the WinRM service configuration settings.
winrm set winrm/config/service/auth '@{CredSSP="true"}'
Example
Using CredSSP Authentication with Explicit Credentials
winm OPERATION –remote:https://myMachine –authentication:CredSSP –username:myUsername –password:myPassword
Google starts offering Public DNS
Google is now offering public DNS service.
The two DNS server IP addresses are:
8.8.8.8
8.8.4.4
Fire at Fisher Plaza…
Sucks to be hosted at Fisher Plaza data center today. #fisherfire http://bit.ly/vozbD or http://bit.ly/3FQYY
Cisco ASA 5505 blocking Internet Radio
You should inspect the port and you can add this commands
regex audio-mpeg "audio/.*"
policy-map type inspect http test_radio
parameters
protocol-violation action drop-connection log
match response header content-type regex audio-mpeg
drop-connection log
match request header user-agent regex _default_windows-media-player-tunnel
drop-connection log
class global-class-test
inspect http test_radio
It is easy to block streaming from media-player, but for other I check the response header and when I see audio/* (like audio/* where * can be mpeg, x-mpeg, mpeg3, and/or x-mepg3 …) I close the connection.
Sorry for my bad english.
ASA 5505 to block Internet radio
You should inspect the port and you can add this commands
regex audio-mpeg "audio/.*"
policy-map type inspect http test_radio
parameters
protocol-violation action drop-connection log
match response header content-type regex audio-mpeg
drop-connection log
match request header user-agent regex _default_windows-media-player-tunnel
drop-connection log
class global-class-test
inspect http test_radio
It is easy to block streaming from media-player, but for other I check the response header and when I see audio/* (like audio/* where * can be mpeg, x-mpeg, mpeg3, and/or x-mepg3 …) I close the connection.
Sorry for my bad english.