
Monday, October 19, 2009

Exchange 2007 HOW TO: Add Email Addresses To Public Folders

How do we add email addresses to Public Folders?

It should be simple: if Get-Mailbox shows the EmailAddresses property of a mailbox, and Set-Mailbox lets you use the -EmailAddresses parameter to add email addresses, one can't be blamed for believing it works the same way for Public Folders.

Objects other than Public Folders need to be mailbox- or mail-enabled to be Exchange recipients; Public Folders do not (yes, they are mail-enabled by default). To modify the mail-related attributes of a Public Folder, you use the Set-MailPublicFolder cmdlet.

To add an additional email address to a (mail-enabled) Public Folder:

$PF = Get-MailPublicFolder "Sales"
$PF.EmailAddresses += "Sales-EMEA@domain.com"
$PF | Set-MailPublicFolder

The first line stores the mail-related properties of the Public Folder "Sales" in a variable called $PF. Next, we append the additional email address without wiping out the existing ones. Finally, we commit the change by piping the object to Set-MailPublicFolder.

If you simply use Set-MailPublicFolder "Sales" -EmailAddresses "Sales-EMEA@domain.com", it will replace the existing values of the EmailAddresses property.

Another difference to note: Set-PublicFolder and Get-PublicFolder take the path of a Public Folder, whereas Set-MailPublicFolder and Get-MailPublicFolder do not. For instance, to get the Sales PF if it's in the root of the Public Folder tree, we need to add a \ before the name:
Get-PublicFolder \Sales
The Get/Set-MailPublicFolder cmdlets, however, work with the alias/display name of the PF. Why the difference? One way to look at it: when using Get/Set-PublicFolder, you're working with the actual Public Folder. When using Get/Set-MailPublicFolder, you're working with the Active Directory object created for that Public Folder (which holds the mail-related attributes, making it possible for a Public Folder to be mail-enabled).

To change the primary email address of the Public Folder "Sales" from "Sales@domain.com" to the new address we just entered - "Sales-EMEA@domain.com":
Set-MailPublicFolder "Sales" -EmailAddressPolicyEnabled $false -PrimarySmtpAddress "Sales-EMEA@domain.com"
As you may have already figured out, we also exempted the Public Folder from having email address policies applied. In Exchange Server 2003/2000 you could change the default email address of a recipient without unchecking the checkbox. The result: a few minutes after you completed the change, Recipient Policies would apply and change the primary email address back.

Exchange Server 2007 doesn't let you change the default email address without exempting the recipient from email address policies.

Monday, October 5, 2009

Set Time Zone From Command Line in Windows 2003, XP and 2000

A quick and easy way to set the time zone from the command line in Windows 2003, XP and 2000:
CONTROL.EXE TIMEDATE.CPL,,/Z Eastern Standard Time
CONTROL.EXE TIMEDATE.CPL,,/Z Central Standard Time
CONTROL.EXE TIMEDATE.CPL,,/Z Mountain Standard Time
CONTROL.EXE TIMEDATE.CPL,,/Z Pacific Standard Time
These are a little longer, but they do the same thing:
RunDLL32.exe shell32.dll,Control_RunDLL timedate.cpl,,/Z Eastern Standard Time
RunDLL32.exe shell32.dll,Control_RunDLL timedate.cpl,,/Z Central Standard Time
RunDLL32.exe shell32.dll,Control_RunDLL timedate.cpl,,/Z Mountain Standard Time
RunDLL32.exe shell32.dll,Control_RunDLL timedate.cpl,,/Z Pacific Standard Time
See also: Set Time Zone From Command Line in Windows 7 and Windows 2008.


Friday, October 2, 2009

50 More Acronyms Every Parent Should Know

Parents, do you know what your kids (teens and pre-teens) are saying when they chat? Here are 50 text/SMS/Internet acronyms and shortcuts parents need to know.

Go to our complete list of Internet/Chat acronyms (nearly 2000).

See our original 50 Acronyms Every Parent Should Know.

2nite - Tonight
AWGTHTGTTA - Are We Going To Have To Go Through This Again
banana - code word for penis
B4YKI - Before You Know It
BRB - Be Right Back
BRT - Be Right There
CWYL - Chat With You Later
CYT - See You Tomorrow
DIAF - Die In A Fire
DOC - Drug Of Choice
E123 - Easy as One, Two, Three
EM - Excuse Me
EOD - End Of Day -or- End Of Discussion
FAH - F***ing A Hot
FB - F*** Buddy
FOAF - Friend Of A Friend
GLBT - Gay, Lesbian, Bisexual, Transgender
HBU - How Bout You?
HUYA - Head Up Your Ass
I&I - Intercourse & Inebriation
IDGI - I Don't Get It -or- I Don't Get Involved
IMEZRU - I Am Easy, Are You?
IMNSHO - In My Not So Humble Opinion
J/C - Just Checking
kitty - code word for vagina
L8R - Later
LD - Long Distance -or- Later Dude
LMK - Let Me Know
LOL - Laughing Out Loud -or- Lots of Love
N-A-Y-L - In A While
NAZ - Name, Address, Zip (also means Nasdaq)
NM - Never Mind -or- Nothing Much -or- Nice Move
OLL - OnLine Love
OMW - On My Way
OTP - On The Phone
QT - Cutie
RN - Right Now
ROTFL - Rolling On The Floor Laughing
RU - Are You?
SITD - Still In The Dark
SMEM - Send Me E-Mail
SMIM - Send Me an Instant Message
SO - Significant Other
SOHF - Sense Of Humor Failure
SWDYT - So What Do You Think?
TOM - Tomorrow
TS - Tough Sh** -or- Totally Stinks
TTFN - Ta Ta For Now
ur - you are
WFM - Works For Me
XOXO - Hugs and Kisses

Top 50 Internet Acronyms Parents Need to Know

Parents, do you know what your kids (teens and pre-teens) are saying when they chat? Here are 50 text/SMS/Internet acronyms and shortcuts parents need to know.

Go to our complete list of Internet/Chat acronyms (nearly 2000).

8 - Oral sex
1337 - Elite -or- leet -or- L337
143 - I love you
182 - I hate you
1174 - Nude club
420 - Marijuana
459 - I love you
ADR - Address
AEAP - As Early As Possible
ALAP - As Late As Possible
ASL - Age/Sex/Location
CD9 - Code 9 - it means parents are around
C-P - Sleepy
F2F - Face-to-Face
GNOC - Get Naked On Cam
GYPO - Get Your Pants Off
HAK - Hugs And Kisses
ILU - I Love You
IWSN - I Want Sex Now
J/O - Jerking Off
KOTL - Kiss On The Lips
KFY -or- K4Y - Kiss For You
KPC - Keeping Parents Clueless
LMIRL - Let's Meet In Real Life
MOOS - Member Of The Opposite Sex
MOSS - Member(s) Of The Same Sex
MorF - Male or Female
MOS - Mom Over Shoulder
MPFB - My Personal F*** Buddy
NALOPKT - Not A Lot Of People Know That
NIFOC - Nude In Front Of The Computer
NMU - Not Much, You?
P911 - Parent Alert
PAL - Parents Are Listening
PAW - Parents Are Watching
PIR - Parent In Room
POS - Parent Over Shoulder -or- Piece Of Sh**
pron - porn
Q2C - Quick To Cum
RU/18 - Are You Over 18?
RUMORF - Are You Male OR Female?
RUH - Are You Horny?
S2R - Send To Receive
SorG - Straight or Gay
TDTM - Talk Dirty To Me
WTF - What The F***
WUF - Where You From
WYCM - Will You Call Me?
WYRN - What's Your Real Name?
zerg - To gang up on someone

Thursday, September 24, 2009

TreeSize Free - ever want to know how big various folders are?

Every hard disk is too small if you just wait long enough. TreeSize Free tells you where the precious space has gone. TreeSize Free can be started from the context menu of a folder or drive and shows you the size of that folder, including its subfolders. You can expand the folder in Explorer-like style and see the size of every subfolder. Scanning is done in a separate thread, so you can already see results while TreeSize Free is working. The space wasted by the file system can be displayed, and the results can be printed in a report. TreeSize Free is freeware for Windows 2000/XP/Vista.

Download TreeSize Free (here you can find the more powerful TreeSize Professional as well)

Tuesday, September 1, 2009

SQL SERVER – Get Time in Hour:Minute Format from a Datetime – Get Date Part Only from Datetime

Get Current Date & Time
SELECT GETDATE()

SQL Server 2000/2005
SELECT
  CONVERT(VARCHAR(8), GETDATE(), 108) AS HourMinuteSecond,  -- style 108 = hh:mi:ss (8 characters)
  CONVERT(VARCHAR(10), GETDATE(), 101) AS DateOnly          -- style 101 = mm/dd/yyyy (10 characters; VARCHAR(8) would silently truncate the year)
GO

SQL Server 2008

SELECT
  CONVERT(TIME, GETDATE()) AS HourMinuteSecond,  -- native TIME type, no style needed
  CONVERT(DATE, GETDATE()) AS DateOnly            -- native DATE type; a style argument is ignored here
GO

Monday, August 17, 2009

Windows Command Line Tricks

Here are a few Windows command line tricks that might make your life easier.

Save A List of Files to a Text File by Extension

dir *.ext /s /b > files.txt

This command creates a file called files.txt containing a complete list of all the files with the .ext extension in that directory and all of its subdirectories. You can then open the text file in any text editor and work with the information. By changing the ext part, you can select different files. For example, to list all PDF documents you would type:

dir *.pdf /s /b > files.txt


Get Your IP Address Information

ipconfig /all

This will retrieve a pile of information about your network connection and IP information. From this command, you can get:

* Host Name
* Primary DNS Suffix
* Node Type
* IP Routing Enabled
* WINS Proxy Enabled
* DNS Suffix Search List
* Connection-specific DNS Suffix
* Network Adapter Description
* Physical (MAC) Address
* DHCP Enabled
* IP Address
* Subnet Mask
* Default Gateway
* DNS Servers


Get Installed Driver Information

driverquery

It can be very useful when troubleshooting to know what drivers are installed on a system. This command will give you a complete listing of the drivers and when they were installed.


Find Files Opened By Network Users

openfiles /query

If you are running a system and want to know who has files open on your computer, this command will list those users and the files they have open.

Note: If you get an error saying The system global flag ‘maintain objects list’ needs to be enabled to see local opened files, you can fix this issue by typing openfiles /local on. You will have to reboot the system but it will resolve the issue.


Monitor Port Activity

netstat -a 30

This will show you all of the TCP/IP ports that are being used on your system and what they are connecting to (or being connected from). It will continue to monitor these ports and refresh the information every 30 seconds. You can change the refresh rate by changing the number at the end of the command.


Recover Information From A Corrupt File

recover filename.ext

If you have a disk with damaged sectors, you can attempt to recover as much information as possible from the damaged file. Data that is not damaged can be retrieved but data in damaged sectors will be lost.


Defragment Remote Computer

rexec remotePC defrag C: /F

This uses the rexec command to force a defragment of the C: drive on the computer named remotePC. You can use whatever command you want (I just used defrag C: /F as an example). This is very useful for remote maintenance.


Retrieve Detailed System Information

systeminfo

With this command, you can retrieve the following information:

* Host Name
* OS Name
* OS Version
* OS Manufacturer
* OS Configuration
* OS Build Type
* Registered Owner
* Registered Organization
* Product ID
* Original Install Date
* System Up Time
* System Manufacturer
* System Model
* System type
* Processor(s)
* BIOS Version
* Windows Directory
* System Directory
* Boot Device
* System Locale
* Input Locale
* Time Zone
* Total Physical Memory
* Available Physical Memory
* Virtual Memory Max Size
* Virtual Memory Available
* Virtual Memory In Use
* Page File Location(s)
* Domain
* Logon Server
* Hotfix(s)
* NetWork Card(s)


Schedule Defrag to Defragment C: Daily

schtasks /create /tn "Defrag C" /tr "defrag c: /f" /sc daily /st 02:00:00 /ru "System"

This sets your computer to automatically perform a complete defrag of the C: drive each day at the time given by /st (02:00:00, i.e. 2:00 AM, in this example). It does this by creating a scheduled task called Defrag C, which runs under the computer's System account.


Map A Drive Letter to a Folder

subst W: C:\windows

Sometimes, your directory structure can get pretty deep and complicated. You can simplify this a bit by mapping a drive letter to commonly used folders. In the example that I have given, this will create a drive letter W: and map it to the C:\windows directory. Then, whenever you go into My Computer, you will see a W: drive and when you browse to it, it will automatically take you to the contents of the C:\windows folder.

You can do this with any unused drive letter and any folder that exists on your system.


List All Tasks Running On The Computer

tasklist

It's always good to know what is running on your system. This is the command line version of the Processes tab in Task Manager.


Kill A Program

taskkill /im programname.exe /f

If, when using the tasklist command, you discover something running that you just want killed, this is the way to do it. Just note the program name and use it in place of programname.exe.


Reboot a Remote Computer

shutdown -r -f -m \\remotePC -c "System will be rebooted in 30 seconds"

Sometimes, you just need to reboot a system. This will do it remotely and give the user a 30 second warning.


Schedule A Computer Reboot

schtasks /create /tn "Reboot" /tr "shutdown /r /t 1" /sc once /st 01:00:00 /sd 08/18/2009 /ru "System"


cmd /c - Carries out the command specified by string and then terminates
&& - concatenates commands together

This way you can create a shortcut for short scripts without creating batch files, e.g. a shortcut for stopping and starting the print spooler:

%windir%\System32\cmd.exe /c "net.exe stop Spooler && net start Spooler"


Sleep
There is no sleep command in Windows 2000/XP (AFAIK) unless you have the Resource Kit, and then you have to move extra files around with your scripts.
Simply use the ping command to wait a predefined time. In this example it's 10 seconds:

ping -n 10 127.0.0.1 > NUL 2>&1


Find
Windows' answer to grep. Not as powerful, but still useful.

e.g. In conjunction with systeminfo above, to find out the virtual memory on the PC:

systeminfo | find "Virtual Memory"

Windows (XP, Vista, Windows 7, 2003, 2008) Commands

Here is a great list of Windows XP/2000 commands that will make any Linux user feel at home at the command prompt. A lot of these commands are intended for administering a network, but they are great for savvy home users as well.

  • at - Windows Scheduling utility
  • bootcfg - This utility allows you to set up your boot options, such as your default OS and other loading options
  • cacls - Changes the ACLs (security settings) of files and folders. Very similar to chmod in Linux.
  • comp - This utility is very similar to diff in Linux. Use the /? switch to get examples of command usage.
  • defrag - Yes, XP comes with a command line disk defrag utility. Here's an example of how to create a scheduled task to defrag every day:

    schtasks /create /tn "Defrag C" /tr "defrag c: /f" /sc daily /st 04:30:00 /ru "System"
  • diskpart - Use this command to manage your disk partitions. This is the text version of the GUI Disk Manager.
  • driverquery - Produces a list of drivers, their properties, and their versions. Great for computer documentation.
  • eudcedit (unpublished) - Private Character editor. Yes with this program built into Windows XP you can create your own font!
  • findstr - Find String - similar to Linux's Grep.
  • fsutil (unpublished) - This is a utility with a lot of capability. Come back soon for great examples.
  • getmac - This command gets the Media Access Control (MAC) address of your network cards.
  • gpresult - This generates a summary of the user settings and computer group policy settings.
  • gpupdate - Use this utility to manually apply computer and user policy from your windows 2000 (or newer) Active Directory domain.
  • ipconfig - This handy tool displays IP settings of the current computer and much more.
  • MMC - Microsoft Management Console. This is the master tool for Windows: the main interface that most other admin tools plug into, starting with Windows 2000 and newer systems.
  • more - Utility used to display text output one screen at a time. Example:

    more c:\windows\win.ini
  • msconfig - The ultimate tool to change the services and utilities that start when your Windows machine boots up. You can also copy the executable from XP and use it in Win2k.
  • msinfo32 - An awesome diagnostic tool. With it you can get a list of running processes, including the residing path of the executable (great for manually removing malware) and get detailed information about hardware and system diagnostics.
  • narrator - Turns on the system narrator (can also be found in Accessibility Options in Control Panel). It will read text on screen aloud to you.
  • netsh - A network configuration tool console. At the 'netsh>' prompt, use the '?' to list the available commands and type "exit" to get back to a command prompt.
  • netstat - A local network port tool - try netstat -ano.
  • nslookup - A DNS name resolution tool.
  • openfiles - Allows an administrator to display or disconnect open files in XP professional. Type "openfiles /?" for a list of possible parameters.
  • Pathping - A cross between the ping and traceroute utilities. Who needs Neotrace when you can use this? Type "pathping " and watch it go.
  • recover - This command can recover readable information from a damaged disk and is very easy to use.
  • reg - A console registry tool, great for scripting Registry edits.
  • sc - A command line utility called the Service Controller. A power tool to make service changes via a logon/logoff or startup/shutdown script.
  • schtasks - A newer version of the AT command. This allows an administrator to schedule and manage scheduled tasks on local and remote machines.
  • secedit - Use this utility to manually apply computer and user policy from your Windows 2000 (or newer) domain. Example to update the machine policy: secedit /refreshpolicy machine_policy /enforce
    To view help on this, just type secedit.
    NOTE: In Windows XP SP1 and newer, this command is superseded by: gpupdate /force
  • sfc - The system file checker scans important system files and replaces the ones you (or your applications) hacked beyond repair with the real, official Microsoft versions.
  • shutdown - With this tool, You can shut down or restart your own computer, or an administrator can shut down or restart a remote computer.
  • sigverif - With the sigverif tool you can have all driver files analyzed to verify that they are digitally signed. Just type 'sigverif' at the command prompt.
  • systeminfo - Basic system configuration information, such as the system type, the processor type, time zone, virtual memory settings, system uptime, and much more. This program is great for creating an inventory of computers on your network.
  • sysedit - System Configuration File Editor. An old tool that was very handy for the Windows 9X days. msconfig is what you want to use now.
  • tasklist - Tasklist is the command console equivalent of the Task Manager in Windows. It is a must-have when fighting malware and viruses. Try the command:

    tasklist /svc
    to view the memory resources your services take up.
  • taskkill - Taskkill contains the rest of the task manager functionality. It allows you to kill those unneeded or locked up applications.
  • tree - This command will provide a 'family tree' style display of the drive/folder you specify.
  • WMIC - Windows Management Instrumentation Command tool. This allows you to pull an amazing amount of low-level system information from a command line scripting interface.

Of course this list is not exhaustive; I just wanted to focus on tools that are particularly helpful and that everyone might use. For the official list, please visit the Microsoft Windows XP Pro Command Reference.

Friday, August 14, 2009

What environment variables are available in Windows?

List of the environment variables available in Windows 2000. E.g., open a cmd prompt and type echo %appdata%, which should return the full path to your profile's Application Data directory. If calling from a batch file, remember to quote the %variable% (the whole path, since the expanded value may contain spaces), e.g.

IF EXIST "%appdata%\workrave\historystats" (mkdir D:\AllMyFiles\Workrave) ELSE echo Workrave missing

Here's the list with correct syntax:

Variable (scope) - What it returns
%ALLUSERSPROFILE% (Local) - The location of the All Users profile.
%APPDATA% (Local) - The location where applications store data by default.
%CD% (Local) - The current directory string.
%CMDCMDLINE% (Local) - The exact command line used to start the current cmd.exe.
%CMDEXTVERSION% (System) - The version number of the current Command Processor Extensions.
%COMPUTERNAME% (System) - The name of the computer.
%COMSPEC% (System) - The exact path to the command shell executable.
%DATE% (System) - The current date, in the same format as the date /t command. Cmd.exe generates this variable. For more information about the date command, see the Date command.
%ERRORLEVEL% (System) - The error code of the most recently used command. A non-0 value usually indicates an error.
%HOMEDRIVE% (System) - The local workstation drive letter connected to the user's home directory. Set based on the value of the home directory, which is specified in Local Users and Groups.
%HOMEPATH% (System) - The full path of the user's home directory. Set based on the value of the home directory, which is specified in Local Users and Groups.
%HOMESHARE% (System) - The network path to the user's shared home directory. Set based on the value of the home directory, which is specified in Local Users and Groups.
%LOGONSERVER% (Local) - The name of the domain controller that validated the current logon session.
%NUMBER_OF_PROCESSORS% (System) - The number of processors installed on the computer.
%OS% (System) - The OS name. Windows XP and Windows 2000 display the OS as Windows_NT.
%PATH% (System) - The search path for executable files.
%PATHEXT% (System) - The list of file extensions that the OS considers to be executable.
%PROCESSOR_ARCHITECTURE% (System) - The processor's chip architecture. Values: x86, IA64.
%PROCESSOR_IDENTIFIER% (System) - A description of the processor.
%PROCESSOR_LEVEL% (System) - The model number of the computer's processor.
%PROCESSOR_REVISION% (System) - The revision number of the processor.
%PROGRAMFILES% - The location of the default install directory for applications (Program Files).
%PROMPT% (Local) - The command-prompt settings for the current interpreter. Cmd.exe generates this variable.
%RANDOM% (System) - A random decimal number between 0 and 32767. Cmd.exe generates this variable.
%SYSTEMDRIVE% (System) - The drive containing the Windows root directory (i.e., the system root).
%SYSTEMROOT% (System) - The location of the Windows root directory.
%TEMP% (System and User) - The default temporary directory for applications, available to users who are currently logged on. Some applications require TEMP and others require TMP.
%TMP% (System and User) - The default temporary directory for applications, available to users who are currently logged on. Some applications require TEMP and others require TMP.
%TIME% (System) - The current time, in the same format as the time /t command. Cmd.exe generates this variable. For more information about the time command, see the Time command.
%USERDOMAIN% (Local) - The name of the domain that contains the user's account.
%USERNAME% (Local) - The name of the user currently logged on.
%USERPROFILE% (Local) - The location of the profile for the current user.
%WINDIR% (System) - The location of the OS directory.

RegShot - Windows Registry Compare Utility

Regshot is an open-source (GPL) Windows (2000, Windows XP, Windows Vista, Windows 7, Windows 2008) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product.

Download: http://sourceforge.net/projects/regshot/

Monday, August 3, 2009

How DNS Works

This is a brief, simple tutorial on how DNS (and name resolution in general) occurs. The focus will be on Windows systems, but most of it will apply to any system. You will find that once you understand DNS you can fix A LOT of issues, regardless of the underlying OS.

Overview
Here's a picture of how DNS works, at a very high level.

www.abc.com
For this how-to, we'll use http://www.abc.com/ as our example.
First, a breakdown of this Fully Qualified Domain Name (FQDN). The left-most name before the first period is always the host name, i.e. the name of the server. In the Windows world this host name does not have to match the server name, but it usually does. In this case it is "www".
Everything after that is the zone the host belongs to. In this case the server's zone is "abc.com".
"ABC" is a subzone of ".COM", while ".COM" is a subzone of the root zone ".".
Many times you'll hear DNS zones called domains. A domain/zone is the "abc.com" part of any FQDN. I like to use the term zone instead of domain because in the Windows world, domain typically signifies Active Directory, and while AD relies heavily on DNS, I like to keep the distinction between the two.
Root Zone
The root zone exists on every FQDN, but is rarely expressed. Most systems will add it in without you ever knowing that it's there.
The only times I've had to use the root zone in the FQDN are on some DNS servers (namely XO's web based DNS services) when I'm trying to alias one zone to another. Namely, the web site would try to add my zone to the end of my alias, which is bad so I placed the root zone at the end to stop that.
Early Windows 2000 servers used to have a problem with DNS because for some reason it would create a root zone "." in the list. Since the root zone was local the server would attempt to resolve from there, but the zone would be empty and name resolution would fail. Deleting that zone would resolve the issue.

Name resolution order
A Windows host will try several things to resolve any name it's given.

  1. Is it me? Do I have it in my local cache?
  2. Look in the HOSTS file: c:\windows\system32\drivers\etc
  3. DNS
  4. LMHOSTS file: c:\windows\system32\drivers\etc
  5. WINS
  6. Broadcast

You'll notice that the HOSTS file is one of the first things a Windows host checks. This is why many viruses attack that file to redirect you to malicious web sites.

Windows Host DNS Settings
Most people put a primary and a secondary DNS server in their Windows host's TCP/IP settings. There is a very common misconception that if the primary server can't resolve the name, the secondary will give it a try. This is not the case.
Windows will attempt to connect to the primary server; if that fails, it will attempt to connect to the secondary. If the connection to the primary succeeds, Windows will rely entirely on that server for the resolution. If that server can't resolve the name, Windows moves on to the next item in its resolution order (LMHOSTS).

DNS Resolution
DNS goes through a similar progression when resolving a host name:

  1. Is the host in my cache?
  2. Do I have the zone in my database?
  3. Do I have a forwarder?
  4. If no forwarder, do a full lookup

Quick note about forwarders
A forwarder can be thought of as a delegation of the task. If your DNS server has a forwarder, it will delegate the lookup to the server specified in its configuration and will not attempt to resolve the name itself.

Walking through the Zones
So, DNS has never seen this host before (so it is not in the cache), it does not have the zone in its own database, and you don't have forwarders turned on. That means it has to do a full lookup.
DNS works backwards through the zones on its way to resolving the name. First up, the root domain.
The root domain is a special domain, and every DNS server has a set of static IP addresses that represent the name servers for the root zone. You can look at these settings by going to the properties of your DNS server and looking at the Root Hints tab.

Talking to the Root Servers
Your DNS server now has a place to start. It goes to a root server from its root hints list and asks whether it knows any name servers for the next zone in the name. For our example, that would be ".COM".
Any zone directly under the root zone is considered a Top Level Domain, or TLD.
Since the root server has probably heard of ".COM", it will return a list of TLD name servers.
(This is step #1 of the overview picture)

Talking to the TLD Servers
Now your server goes to one of the TLD servers and asks: do you know about "ABC.COM"?
The .COM server will return a list of name servers. If you've ever done a WHOIS search, the name servers returned there are the same list your DNS server will get.
To the right I've shown an example of what you would get from a WHOIS search on Google.com. The only difference is that when your DNS server asks, the .COM server will actually return a list of IP addresses.
(This is step #2 of the overview picture)

Talking to ABC.COM
As you can see, we've finally landed on the name servers that should know about our host, WWW.ABC.COM.
Now your DNS server will ask one of the name servers for ABC.COM: do you know a host named WWW?
The name server will return an IP address. This answer is passed down to your Windows host, and it is also stored in the DNS server's cache for a specified amount of time known as the Time to Live.
(This is step #3 and #4 of the overview picture)

What is TTL?
TTL: Time to Live. This is a setting that tells a DNS server, as well as a DNS client, how long to keep this host/zone and IP address combination in its cache.
The DNS cache is simply a list of every name that's been looked up and its IP address, so the DNS server doesn't have to do a full lookup every time.
Back in ancient times (3 or 4 years ago) saving every ounce of bandwidth was very important, so it was not unusual to have cache entries held for long periods of time, 1-3 days. A cache entry does not get updated until its TTL has expired. This is why, even to this day, most ISPs will say you need to wait 24-72 hours before your changes take effect. What's really happening is that you're waiting for the data in the DNS caches to expire so your new settings will be re-read.
Today, bandwidth is not much of an issue and most TTLs are set in seconds.

DNS Propagation
DNS Propagation is a term commonly used to describe waiting for the TTL to expire and having your DNS server query the zone's name servers for the new IP addresses. Many ISP support personnel use this term, and I'm not convinced they know what it means!
I'm not a fan of the term because I think it carries the connotation that DNS servers are secretly transferring data while we're not looking. That's called a Zone Transfer!

DNS Cache
If you're in the DNS console on your server, you can turn on the advanced view and see your DNS cache. Hosts/zones and IP addresses are stored here for the duration of each host's TTL. You can delete anything and everything in here at will, as the server will simply look anything up again if it's not in the cache.
Windows hosts also have a local cache, and host/zone and IP addresses are stored there too, also for the duration of the TTL.
If you're making changes to a host record and it's not resolving, you may need to delete the cache on your local Windows host (IPCONFIG /FLUSHDNS from a command prompt) and delete the cache on the DNS server.

Zone Transfers
This is a little bit outside the scope of this how-to, but I felt it should be mentioned.
DNS zones can be kept on multiple servers, and the data is copied using a process called Zone Transfer. At its most basic, there are primary zones (read/write copies of the zone) and secondary zones (read only copies). Typically you would set up Zone Transfers between your DNS servers to keep data up to date between them.
With Active Directory, this process is a little different. An Active Directory Integrated zone keeps all of the data in AD, and uses the AD replication processes to keep servers up to date, so no zone transfers are necessary. Windows servers support AD integrated zones, and the more traditional zones (the database is actually a simple text file).

DNS Suffixes
A common problem for Windows administrators is name resolution across multiple AD domains. Let me set it up:
Primary domain: mycompany.local (HQ)
Child domain: newyork.mycompany.local
Server in HQ: hqserver1
Server in New York: nyserver2
You're at the HQ and you try to ping nyserver2 but the name doesn't resolve. How come? It's a child domain with a full trust?
Windows will always try to add your default DNS suffix to a host name, so if you're at HQ you're in the mycompany.local domain, and your suffix will be ".mycompany.local". So, when you ping nyserver2, you're actually pinging nyserver2.mycompany.local. See the problem? The server's FQDN is actually nyserver2.newyork.mycompany.local.
The easiest fix is to add an additional suffix to your DNS settings: "mycompany.local and newyork.mycompany.local" (see image). Now your Windows host will first try nyserver2.mycompany.local (which will of course fail), and then nyserver2.newyork.mycompany.local (which should succeed).
Should? What do you mean should? Well, does your mycompany.local DNS server know about the newyork.mycompany.local zone? Not normally. What to do? Set up a conditional forwarder on your DNS server. Type the name of the zone you want to forward (newyork.mycompany.local) and then configure the IP address of the DNS server in that domain.
Notice the difference between zone and domain as I'm using them? Unfortunately this distinction is probably not universal, so understanding what different administrators mean will always be a challenge.
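To make the TTL and suffix-search behaviour above concrete, here is an added example (not from the original post) of a toy caching resolver in Python. The zones, hosts and addresses are constructed for the demo; the suffix list and conditional forwarder mirror the mycompany.local / newyork.mycompany.local setup described above.

```python
"""Added example, not from the original post: a toy caching resolver that models
two behaviours the DNS section describes. (1) A cached answer is reused until
its TTL expires, so a changed record stays invisible until then (the "wait
24-72 hours" effect). (2) Windows-style suffix search: a short name such as
"nyserver2" is tried with each configured suffix in order, and a child zone is
only reachable if a conditional forwarder for it exists. Zones, hosts and
addresses are constructed for the demo."""

from typing import Dict, List, Optional, Tuple


class ZoneServer:
    """Authoritative data for one zone: fqdn -> (address, ttl_seconds)."""

    def __init__(self, zone: str, records: Dict[str, Tuple[str, int]]):
        self.zone = zone.lower()
        self.records = {name.lower(): rec for name, rec in records.items()}

    def query(self, fqdn: str) -> Optional[Tuple[str, int]]:
        return self.records.get(fqdn.lower())


class CachingResolver:
    """The DNS server at HQ: authoritative for its own zone, caches answers,
    and knows other zones only through conditional forwarders."""

    def __init__(self, local_zone: ZoneServer):
        self.servers: Dict[str, ZoneServer] = {local_zone.zone: local_zone}
        # fqdn -> (address, absolute expiry time in seconds)
        self.cache: Dict[str, Tuple[str, float]] = {}
        self.upstream_lookups = 0

    def add_conditional_forwarder(self, zone: str, server: ZoneServer) -> None:
        """The 'conditional forwarder' from the text: send queries for this zone elsewhere."""
        self.servers[zone.lower()] = server

    def _server_for(self, fqdn: str) -> Optional[ZoneServer]:
        # Longest matching zone wins, so newyork.mycompany.local beats mycompany.local.
        matches = [z for z in self.servers if fqdn == z or fqdn.endswith("." + z)]
        return self.servers[max(matches, key=len)] if matches else None

    def resolve(self, fqdn: str, now: float) -> Optional[str]:
        """Return the address for fqdn at time 'now', honouring the cached TTL."""
        name = fqdn.lower().rstrip(".")
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]  # still within TTL: the authoritative server is not asked
        server = self._server_for(name)
        if server is None:
            return None  # no zone and no forwarder: unresolvable from this server
        self.upstream_lookups += 1
        answer = server.query(name)
        if answer is None:
            return None  # negative answers are not cached in this toy model
        address, ttl = answer
        self.cache[name] = (address, now + ttl)
        return address

    def flush(self) -> None:
        """Server-side counterpart of 'ipconfig /flushdns' on a Windows host."""
        self.cache.clear()


def resolve_with_suffixes(resolver: CachingResolver, short_name: str,
                          suffixes: List[str], now: float) -> Optional[Tuple[str, str]]:
    """Windows-style name completion: append each DNS suffix in turn and
    return (fqdn, address) for the first one that resolves."""
    for suffix in suffixes:
        fqdn = f"{short_name}.{suffix}"
        address = resolver.resolve(fqdn, now)
        if address is not None:
            return fqdn, address
    return None


def build_demo() -> Tuple[CachingResolver, ZoneServer, ZoneServer]:
    """Constructed lab: HQ zone with a one-day TTL, child zone with a 5-minute TTL."""
    hq = ZoneServer("mycompany.local",
                    {"hqserver1.mycompany.local": ("10.0.0.10", 86400)})
    ny = ZoneServer("newyork.mycompany.local",
                    {"nyserver2.newyork.mycompany.local": ("10.1.0.20", 300)})
    return CachingResolver(hq), hq, ny


if __name__ == "__main__":
    resolver, hq, ny = build_demo()
    suffixes = ["mycompany.local", "newyork.mycompany.local"]
    # Suffix search alone is not enough: HQ's server holds no data for the child zone.
    print(resolve_with_suffixes(resolver, "nyserver2", suffixes, now=0))   # None
    resolver.add_conditional_forwarder("newyork.mycompany.local", ny)
    print(resolve_with_suffixes(resolver, "nyserver2", suffixes, now=0))   # found via forwarder
    # TTL: change the record; the old answer persists until the cache entry expires.
    print(resolver.resolve("hqserver1.mycompany.local", now=0))            # 10.0.0.10
    hq.records["hqserver1.mycompany.local"] = ("10.0.0.11", 86400)
    print(resolver.resolve("hqserver1.mycompany.local", now=3600))         # 10.0.0.10 (cached)
    print(resolver.resolve("hqserver1.mycompany.local", now=86400))        # 10.0.0.11
```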

Conclusion
There you have it, you can now consider yourself an expert in DNS -- or at the very least you'll be able to fool 90% of the people you talk to!

Friday, July 31, 2009

Display Today's (Current) Date Dynamically in HTML Pages

The Easy Way

<script type="text/javascript">
<!--
document.write(Date());
-->
</script>


The easy way provides date, time and timezone information. If you want to display the date only, the following way will do that.

The Hard Way

<script type="text/javascript">
<!--
var today = new Date();

var todayDay = today.getDate();
var todayMon = today.getMonth();       // 0 = January ... 11 = December
var todayYear = today.getFullYear();   // always a four-digit year, unlike the deprecated getYear()

var monthNames = ["January", "February", "March", "April", "May", "June",
                  "July", "August", "September", "October", "November", "December"];
var todayMonth = monthNames[todayMon];

document.write(todayMonth + " " + todayDay + ", " + todayYear);
-->
</script>

How to recover missing, lost, or deleted files from Windows XP, Vista, Server 2003 and 2008 and Windows 7 as well as Apple Macs

Before reviewing the below recommendations and suggestions, verify that the files have actually been deleted; in some cases the files may have simply been moved. You can search the hard disk drive for the files you believe to be missing by running find or search on the computer.

Recover file from backup
If the file has been backed up to a floppy disk or other medium, it is recommended that the file be restored from that backup if it cannot be found.

Restore from Recycling Bin or Trash
If you are running Apple Mac OS, Microsoft Windows 95, NT, 98, 2000, ME, XP, Vista, or a later operating system and the file has been recently deleted, it is possible that the file may still be in the Trash or Recycle Bin. If present within this area, it can be recovered.

Download freeware program and/or purchase a program
Below is a list of freeware file recovery programs that can be used to recover lost data.
PC Inspector File Recover
Restoration
Recuva
Undelete Plus
FreeUndelete
Photorec

In addition to the above freeware programs there are also several companies who have created programs designed to recover your lost data. For example, PowerQuest makes the utility Drive Image that in some cases can be used to recover data from a hard drive.

Utilize a service from a company that specializes in recovering lost data
Utilize the services of a local data recovery company or an out-of-state data recovery company. One word of caution: these services can sometimes be very expensive. It is only recommended that they be used if the data is extremely important. Below is a listing of a few major data recovery companies.
Action Front Data Recovery
CBL Data Recovery Technologies Inc.
Doctor Byte
DriveSavers Data Recovery
Lazarus Data Recovery
Ontrack
Virtual Data Recovery
Stellar Data Recovery
DataCent Professional Data Recovery

There are also several companies that specialize in the service of recovering files or documents that are password protected. Below is a listing of some of the companies that provide this service.

Passwordcrackers
Passwordservices.com
Password Recovery software

Wednesday, July 29, 2009

Linux Command: iwconfig

NAME

iwconfig - configure a wireless network interface

SYNOPSIS

iwconfig [interface]
iwconfig interface [essid X] [nwid N] [mode M] [freq F]
                   [channel C] [sens S] [ap A] [nick NN]
                   [rate R] [rts RT] [frag FT] [txpower T]
                   [enc E] [key K] [power P] [retry R]
                   [commit]
iwconfig --help
iwconfig --version

DESCRIPTION

Iwconfig is similar to ifconfig(8), but is dedicated to wireless interfaces. It is used to set the parameters of the network interface which are specific to wireless operation (for example, the frequency). Iwconfig may also be used to display those parameters and the wireless statistics (extracted from /proc/net/wireless).

All these parameters and statistics are device dependent. Each driver will provide only some of them depending on hardware support, and the range of values may change. Please refer to the man page of each device for details.


PARAMETERS

essid
Set the ESSID (or Network Name - in some products it may also be called Domain ID). The ESSID is used to identify cells which are part of the same virtual network. As opposed to the AP Address or NWID which define a single cell, the ESSID defines a group of cells connected via repeaters or infrastructure, where the user may roam transparently. With some cards, you may disable the ESSID checking (ESSID promiscuous) with off or any (and on to reenable it). If the ESSID of your network is one of the special keywords (off, on or any), you should use -- to escape it.
Examples:
iwconfig eth0 essid any
iwconfig eth0 essid "My Network"
iwconfig eth0 essid -- "ANY"

nwid/domain
Set the Network ID (in some products it may also be called Domain ID). As all adjacent wireless networks share the same medium, this parameter is used to differentiate them (create logical colocated networks) and identify nodes belonging to the same cell. This parameter is only used for pre-802.11 hardware; the 802.11 protocol uses the ESSID and AP Address for this function. With some cards, you may disable the Network ID checking (NWID promiscuous) with off (and on to re-enable it).
Examples:
iwconfig eth0 nwid AB34
iwconfig eth0 nwid off

freq/channel
Set the operating frequency or channel in the device. A value below 1000 indicates a channel number, a value greater than 1000 is a frequency in Hz. You may append the suffix k, M or G to the value (for example, "2.46G" for 2.46 GHz frequency), or add enough '0's. Channels are usually numbered starting at 1, and you may use iwlist(8) to get the total number of channels, list the available frequencies, and display the current frequency as a channel. Depending on regulations, some frequencies/channels may not be available. When using Managed mode, most often the Access Point dictates the channel and the driver may refuse the setting of the frequency. In Ad-Hoc mode, the frequency setting may only be used at initial cell creation, and may be ignored when joining an existing cell. You may also use off or auto to let the card pick up the best channel (when supported).
Examples:
iwconfig eth0 freq 2422000000
iwconfig eth0 freq 2.422G
iwconfig eth0 channel 3
iwconfig eth0 channel auto

sens
Set the sensitivity threshold. This is the lowest signal level for which the hardware will consider received packets usable. Positive values are assumed to be the raw value used by the hardware or a percentage; negative values are assumed to be dBm. Depending on the hardware implementation, this parameter may control various functions. It may control the receive threshold, the lowest signal level for which the hardware attempts packet reception; signals weaker than this are ignored. It may also control the defer threshold, the lowest signal level for which the hardware considers the channel busy. Proper setting of those thresholds prevents the card from wasting time receiving background noise. Modern designs seem to control those thresholds automatically. On modern cards, this parameter may control the handover/roaming threshold, the lowest signal level for which the hardware remains associated with the current Access Point. When the signal level goes below this threshold, the card starts looking for a new/better Access Point.
Example:
iwconfig eth0 sens -80

mode
Set the operating mode of the device, which depends on the network topology. The mode can be Ad-Hoc (network composed of only one cell and without Access Point), Managed (node connects to a network composed of many Access Points, with roaming), Master (the node is the synchronisation master or acts as an Access Point), Repeater (the node forwards packets between other wireless nodes), Secondary (the node acts as a backup master/repeater), Monitor (the node is not associated with any cell and passively monitors all packets on the frequency) or Auto.
Examples:
iwconfig eth0 mode Managed
iwconfig eth0 mode Ad-Hoc

ap
Force the card to register to the Access Point given by the address, if it is possible. When the quality of the connection goes too low, the driver may revert back to automatic mode (the card selects the best Access Point in range). You may also use off to re-enable automatic mode without changing the current Access Point, or you may use any or auto to force the card to reassociate with the currently best Access Point.
Example:
iwconfig eth0 ap 00:60:1D:01:23:45
iwconfig eth0 ap any
iwconfig eth0 ap off

nick[name]
Set the nickname, or the station name. Some 802.11 products do define it, but this is not used as far as the protocols (MAC, IP, TCP) are concerned and completely useless as far as configuration goes. Only some diagnostic tools may use it.
Example:
iwconfig eth0 nickname "My Linux Node"

rate/bit[rate]
For cards supporting multiple bit rates, set the bit rate in b/s. The bit rate is the speed at which bits are transmitted over the medium; the user speed of the link is lower due to medium sharing and various overhead.

You may append the suffix k, M or G to the value (decimal multiplier: 10^3, 10^6 and 10^9 b/s), or add enough '0's. Values below 1000 are card specific, usually an index in the bit-rate list. Use auto to select automatic bit-rate mode (fallback to a lower rate on noisy channels), which is the default for most cards, and fixed to revert back to a fixed setting. If you specify a bit-rate value and append auto, the driver will use all bit rates lower than or equal to this value.
Examples:
iwconfig eth0 rate 11M
iwconfig eth0 rate auto
iwconfig eth0 rate 5.5M auto

rts[_threshold]
RTS/CTS adds a handshake before each packet transmission to make sure that the channel is clear. This adds overhead, but increases performance in case of hidden nodes or a large number of active nodes. This parameter sets the size of the smallest packet for which the node sends RTS; a value equal to the maximum packet size disables the mechanism. You may also set this parameter to auto, fixed or off.
Examples:
iwconfig eth0 rts 250
iwconfig eth0 rts off

frag[mentation_threshold]
Fragmentation splits an IP packet into a burst of smaller fragments transmitted on the medium. In most cases this adds overhead, but in a very noisy environment this reduces the error penalty and allows packets to get through interference bursts. This parameter sets the maximum fragment size; a value equal to the maximum packet size disables the mechanism. You may also set this parameter to auto, fixed or off.
Examples:
iwconfig eth0 frag 512
iwconfig eth0 frag off

key/enc[ryption]
Used to manipulate encryption or scrambling keys and security mode.

To set the current encryption key, just enter the key in hex digits as XXXX-XXXX-XXXX-XXXX or XXXXXXXX. To set a key other than the current key, prepend or append [index] to the key itself (this won’t change which is the active key). You can also enter the key as an ASCII string by using the s: prefix.

Passphrase is currently not supported. To change which key is the currently active key, just enter [index] (without entering any key value).

off and on disable and reenable encryption.

The security mode may be open or restricted, and its meaning depends on the card used. With most cards, in open mode no authentication is used and the card may also accept non-encrypted sessions, whereas in restricted mode only encrypted sessions are accepted and the card will use authentication if available.

If you need to set multiple keys, or set a key and change the active key, you need to use multiple key directives. Arguments can be put in any order, the last one will take precedence.
Examples:
iwconfig eth0 key 0123-4567-89
iwconfig eth0 key [3] 0123-4567-89
iwconfig eth0 key s:password [2]
iwconfig eth0 key [2]
iwconfig eth0 key open
iwconfig eth0 key off
iwconfig eth0 key restricted [3] 0123456789
iwconfig eth0 key 01-23 key 45-67 [4] key [4]

power
Used to manipulate power management scheme parameters and mode. To set the period between wake ups, enter period 'value'. To set the timeout before going back to sleep, enter timeout 'value'. You can also add the min and max modifiers. By default, those values are in seconds; append the suffix m or u to specify values in milliseconds or microseconds. Sometimes, those values are without units (number of beacon periods, dwell or similar).

off and on disable and re-enable power management. Finally, you may set the power management mode to all (receive all packets), unicast (receive unicast packets only, discard multicast and broadcast) and multicast (receive multicast and broadcast only, discard unicast packets).
Examples:
iwconfig eth0 power period 2
iwconfig eth0 power 500m unicast
iwconfig eth0 power timeout 300u all
iwconfig eth0 power off
iwconfig eth0 power min period 2 power max period 4

txpower
For cards supporting multiple transmit powers, sets the transmit power in dBm. If W is the power in watts, the power in dBm is P = 30 + 10*log10(W). If the value is postfixed by mW, it will be automatically converted to dBm.

In addition, on and off enable and disable the radio, and auto and fixed enable and disable power control (if those features are available).
Examples:
iwconfig eth0 txpower 15
iwconfig eth0 txpower 30mW
iwconfig eth0 txpower auto
iwconfig eth0 txpower off

retry
Most cards have MAC retransmissions, and some allow setting the behaviour of the retry mechanism. To set the maximum number of retries, enter limit 'value'. This is an absolute value (without unit). To set the maximum length of time the MAC should retry, enter lifetime 'value'. By default, this value is in seconds; append the suffix m or u to specify values in milliseconds or microseconds.

You can also add the min and max modifiers. If the card supports automatic mode, they define the bounds of the limit or lifetime. Some other cards define different values depending on packet size; for example, in 802.11 min limit is the short retry limit (non RTS/CTS packets).
Examples:
iwconfig eth0 retry 16
iwconfig eth0 retry lifetime 300m
iwconfig eth0 retry min limit 8

commit
Some cards may not apply changes done through Wireless Extensions immediately (they may wait to aggregate the changes or apply them only when the card is brought up via ifconfig). This command (when available) forces the card to apply all pending changes. This is normally not needed, because the card will eventually apply the changes, but can be useful for debugging.


DISPLAY

For each device which supports wireless extensions, iwconfig will display the name of the MAC protocol used (name of device for proprietary protocols), the ESSID (Network Name), the NWID, the frequency (or channel), the sensitivity, the mode of operation, the Access Point address, the bit-rate, the RTS threshold, the fragmentation threshold, the encryption key and the power management settings (depending on availability).

The parameters displayed have the same meaning and values as the parameters you can set, please refer to the previous part for a detailed explanation of them. Some parameters are only displayed in short/abbreviated form (such as encryption). You may use iwlist(8) to get all the details. Some parameters have two modes (such as bitrate). If the value is prefixed by ‘=’, it means that the parameter is fixed and forced to that value, if it is prefixed by ‘:’, the parameter is in automatic mode and the current value is shown (and may change).

Access Point/Cell
An address equal to 00:00:00:00:00:00 means that the card failed to associate with an Access Point (most likely a configuration issue). The Access Point parameter will be shown as Cell in ad-hoc mode (for obvious reasons), but otherwise works the same.

If /proc/net/wireless exists, iwconfig will also display its content.
Note that those values will depend on the driver and the hardware specifics, so you need to refer to your driver documentation for proper interpretation of those values.

Link quality
Overall quality of the link. May be based on the level of contention or interference, the bit or frame error rate, how good the received signal is, some timing synchronisation, or other hardware metric. This is an aggregate value, and depends totally on the driver and hardware.

Signal level
Received signal strength (RSSI - how strong the received signal is). May be arbitrary units or dBm, iwconfig uses driver meta information to interpret the raw value given by /proc/net/wireless and display the proper unit or maximum value (using 8 bit arithmetic). In Ad-Hoc mode, this may be undefined and you should use iwspy.

Noise level
Background noise level (when no packet is transmitted). Similar comments as for Signal level.

Rx invalid nwid
Number of packets received with a different NWID or ESSID. Used to detect configuration problems or adjacent network existence (on the same frequency).

Rx invalid crypt
Number of packets that the hardware was unable to decrypt. This can be used to detect invalid encryption settings.

Rx invalid frag
Number of packets for which the hardware was not able to properly re-assemble the link layer fragments (most likely one was missing).

Tx excessive retries
Number of packets that the hardware failed to deliver. Most MAC protocols will retry the packet a number of times before giving up.

Invalid misc
Other packets lost in relation with specific wireless operations.

Missed beacon
Number of periodic beacons from the Cell or the Access Point we have missed. Beacons are sent at regular intervals to maintain the cell coordination, failure to receive them usually indicates that the card is out of range.
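As an added example (not from the man page or the wireless-tools project), the following Python parses the DISPLAY block described above from a constructed iwconfig sample and flags the conditions this section calls out: an all-zero Access Point address, encryption off, non-zero Rx invalid crypt / Rx invalid nwid counters, and missed beacons. The layout and field names follow the section above; the sample values are made up.

```python
"""Added example, not from the man page or the wireless-tools project: parse the
DISPLAY block of iwconfig output and flag the conditions the page describes
(no associated Access Point, encryption off, undecryptable packets, foreign
NWID/ESSID, missed beacons). SAMPLE_IWCONFIG is constructed in iwconfig's
layout; it was not captured from a real system."""

import re
from typing import Any, Dict, List

SAMPLE_IWCONFIG = """\
lo        no wireless extensions.

eth0      IEEE 802.11g  ESSID:"My Network"  Nickname:"My Linux Node"
          Mode:Managed  Frequency:2.422 GHz  Access Point: 00:60:1D:01:23:45
          Bit Rate=11 Mb/s   Tx-Power=15 dBm   Sensitivity=-80 dBm
          Retry limit:16   RTS thr:250 B   Fragment thr:512 B
          Encryption key:0123-4567-89   Security mode:restricted
          Power Management:off
          Link Quality=70/100  Signal level=-55 dBm  Noise level=-90 dBm
          Rx invalid nwid:12  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:3  Invalid misc:0   Missed beacon:0

wlan1     IEEE 802.11bg  ESSID:"Other Net"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:00:00:00:00:00
          Bit Rate:1 Mb/s   Tx-Power=20 dBm
          Retry limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=0/100  Signal level=0 dBm  Noise level=0 dBm
          Rx invalid nwid:0  Rx invalid crypt:45  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:120
"""

# One regex per field. The bit-rate pattern also captures the separator, which
# iwconfig uses to mark a fixed ('=') versus automatic (':') value.
FIELDS = {
    "essid": re.compile(r'ESSID:"([^"]*)"'),
    "mode": re.compile(r"Mode:(\S+)"),
    "access_point": re.compile(r"Access Point: ([0-9A-Fa-f:]{17})"),
    "bit_rate": re.compile(r"Bit Rate([=:])(\S+ Mb/s)"),
    "encryption_key": re.compile(r"Encryption key:(\S+)"),
    "rx_invalid_nwid": re.compile(r"Rx invalid nwid:(\d+)"),
    "rx_invalid_crypt": re.compile(r"Rx invalid crypt:(\d+)"),
    "rx_invalid_frag": re.compile(r"Rx invalid frag:(\d+)"),
    "tx_excessive_retries": re.compile(r"Tx excessive retries:(\d+)"),
    "missed_beacon": re.compile(r"Missed beacon:(\d+)"),
}
COUNTERS = {"rx_invalid_nwid", "rx_invalid_crypt", "rx_invalid_frag",
            "tx_excessive_retries", "missed_beacon"}


def parse_iwconfig(text: str) -> Dict[str, Dict[str, Any]]:
    """Split the output into per-interface blocks and extract the known fields."""
    interfaces: Dict[str, Dict[str, Any]] = {}
    # A new block starts at any line whose first column is not whitespace.
    for block in re.split(r"\n(?=\S)", text):
        block = block.strip()
        if not block or "no wireless extensions" in block:
            continue
        name = block.split()[0]
        info: Dict[str, Any] = {}
        for field, pattern in FIELDS.items():
            m = pattern.search(block)
            if m is None:
                continue
            if field == "bit_rate":
                info["bit_rate"] = m.group(2)
                info["bit_rate_fixed"] = m.group(1) == "="
            elif field in COUNTERS:
                info[field] = int(m.group(1))
            else:
                info[field] = m.group(1)
        interfaces[name] = info
    return interfaces


def assess(info: Dict[str, Any]) -> List[str]:
    """Short codes for the conditions the DISPLAY section of the man page calls out."""
    findings: List[str] = []
    if info.get("access_point") == "00:00:00:00:00:00":
        findings.append("NOT_ASSOCIATED")   # failed to associate: most likely a configuration issue
    if info.get("encryption_key") == "off":
        findings.append("ENCRYPTION_OFF")   # frames are sent in the clear
    if info.get("rx_invalid_crypt", 0) > 0:
        findings.append("INVALID_CRYPT")    # hardware could not decrypt: check key value and index
    if info.get("rx_invalid_nwid", 0) > 0:
        findings.append("INVALID_NWID")     # another NWID/ESSID on the same frequency, or misconfiguration
    if info.get("missed_beacon", 0) > 0:
        findings.append("MISSED_BEACON")    # beacons lost: usually out of range of the cell
    return findings


if __name__ == "__main__":
    for iface, info in parse_iwconfig(SAMPLE_IWCONFIG).items():
        print(iface, info.get("essid"), assess(info))
```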


FILES

/proc/net/wireless


SEE ALSO

ifconfig, iwspy, iwlist, iwevent, iwpriv, wireless.


Reference: http://linuxcommand.org/man_pages/iwconfig8.html

Tuesday, July 28, 2009

Creating Client SSL VPN on Cisco ASAs

Introduction

This document describes how to allow remote access VPN connections to the ASA from the Cisco AnyConnect 2.0 client.
Prerequisites
Requirements

Ensure that you meet these requirements before you attempt this configuration:

* Basic ASA configuration that runs software version 8.0
* ASDM 6.0(2)

Components Used

The information in this document is based on these software and hardware versions:

* Cisco ASA 8.0(2), ASDM 6.0 (2)
* Cisco AnyConnect 2.0
Background Information

The Cisco AnyConnect 2.0 client is an SSL-based VPN client. The AnyConnect client can be utilized and installed on a variety of operating systems, such as Windows 2000, XP, Vista, Linux (multiple distros) and Mac OS X. The AnyConnect client can be installed manually on the remote PC by the system administrator. It can also be loaded onto the security appliance and made ready for download to remote users. After the application is downloaded, it can automatically uninstall itself after the connection terminates, or it can remain on the remote PC for future SSL VPN connections. This example makes the AnyConnect client ready to download upon successful browser-based SSL authentication.

For more information on the AnyConnect 2.0 client, refer to AnyConnect 2.0 Release Notes.

Note: MS Terminal Services is not supported in conjunction with the AnyConnect client. You cannot RDP to a computer and then initiate an AnyConnect session. You cannot RDP to a client that is connected via AnyConnect.

Note: The first installation of AnyConnect requires the user to have admin rights (whether you use the standalone AnyConnect msi package or push the pkg file from the ASA). If the user does not have admin rights, a dialog box appears that states this requirement. Subsequent upgrades will not require the user that installed AnyConnect previously to have admin rights.


Configure
Step 1. Configure a Self-Issued Certificate

By default, the security appliance has a self-signed certificate that is regenerated every time the device is rebooted. You can purchase your own certificate from vendors, such as Verisign or EnTrust, or you can configure the ASA to issue an identity certificate to itself. This certificate remains the same even when the device is rebooted. Complete this step in order to generate a self-issued certificate that persists when the device is rebooted.

ASDM Procedure

1. Click Configuration, and then click Remote Access VPN.
2. Expand Certificate Management, and then choose Identity Certificates.
3. Click Add, and then click the Add a new identity certificate radio button.
4. Click New.
5. In the Add Key Pair dialog box, click the Enter new key pair name radio button.
6. Enter a name to identify the keypair. This example uses sslvpnkeypair.
7. Click Generate Now.
8. In the Add Identity Certificate dialog box, ensure the newly created key pair is selected.
9. For Certificate Subject DN, enter the fully qualified domain name (FQDN) that will be used to connect to the VPN terminating interface: CN=sslvpn.cisco.com
10. Click Advanced, and enter the FQDN used for the Certificate Subject DN field. For example, FQDN: sslvpn.cisco.com
11. Click OK.
12. Check the Generate Self Signed Certificate check box, and click Add Certificate.
13. Click OK.
14. Click Configuration, and then click Remote Access VPN.
15. Expand Advanced, and choose SSL Settings.
16. In the Certificates area, choose the interface that will be used to terminate the SSL VPN (outside), and click Edit.
17. In the Certificate drop-down list, choose the self-signed certificate that you generated earlier.
18. Click OK, and then click Apply.


Step 2. Upload and Identify the SSL VPN Client Image

This document uses the AnyConnect SSL 2.0 client. You can obtain this client at the Cisco Software Download Website. A separate Anyconnect image is required for each operating system that remote users plan to use. For more information, refer to Cisco AnyConnect 2.0 Release Notes.

Once you obtain the AnyConnect client, complete these steps:

ASDM Procedure

1. Click Configuration, and then click Remote Access VPN.
2. Expand Network (Client) Access, and then expand Advanced.
3. Expand SSL VPN, and choose Client Settings.
4. In the SSL VPN Client Images area, click Add, and then click Upload.
5. Browse to the location where you downloaded the AnyConnect client.
6. Select the file, and click Upload File. Once the client uploads, you receive a message that states the file was uploaded to flash successfully.
7. Click OK. A dialog box appears to confirm that you want to use the newly uploaded image as the current SSL VPN client image.
8. Click OK.
9. Click OK, and then click Apply.
10. Repeat the steps in this section for each operating system-specific AnyConnect package that you want to use.


Step 3. Enable Anyconnect Access

In order to allow the AnyConnect client to connect to the ASA, you must enable access on the interface that terminates SSL VPN connections. This example uses the outside interface in order to terminate Anyconnect connections.

ASDM Procedure

1. Click Configuration, and then click Remote Access VPN.
2. Expand Network (Client) Access, and then choose SSL VPN Connection Profiles.
3. Check the Enable Cisco AnyConnect VPN Client check box.
4. Check the Allow Access check box for the outside interface, and click Apply.


Step 4. Create a new Group Policy

A group policy specifies the configuration parameters that should be applied to clients when they connect. This example creates a group policy named SSLClientPolicy.

ASDM Procedure

1. Click Configuration, and then click Remote Access VPN.
2. Expand Network (Client) Access, and choose Group Policies.
3. Click Add.
4. Choose General, and enter SSLClientPolicy in the Name field.
5. Uncheck the Address Pools Inherit check box.
6. Click Select, and then click Add. The Add IP Pool dialog box appears.
7. Configure the address pool from an IP range that is not currently in use on your network. This example uses these values:
   * Name: SSLClientPool
   * Starting IP Address: 192.168.25.1
   * Ending IP Address: 192.168.25.50
   * Subnet Mask: 255.255.255.0
8. Click OK.
9. Choose the newly created pool, and click Assign.
10. Click OK, and then click More Options.
11. Uncheck the Tunneling Protocols Inherit check box.
12. Check SSL VPN Client.
13. In the left pane, choose Servers.
14. Uncheck the DNS Servers Inherit check box, and enter the IP address of the internal DNS server that the AnyConnect clients will use. This example uses 192.168.50.5.
15. Click More Options.
16. Uncheck the Default Domain Inherit check box.
17. Enter the domain used by your internal network. For example, tsweb.local.
18. Click OK, and then click Apply.


Step 5. Configure Access List Bypass for VPN Connections

When you enable this option, you allow the SSL/IPsec clients to bypass the interface access list.

ASDM Procedure

1. Click Configuration, and then click Remote Access VPN.
2. Expand Network (Client) Access, and then expand Advanced.
3. Expand SSL VPN, and choose Bypass Interface Access List.
4. Ensure the Enable inbound SSL VPN and IPSEC Sessions to bypass interface access lists check box is checked, and click Apply.


Step 6. Create a Connection Profile and Tunnel Group for the AnyConnect Client Connections

When VPN clients connect to the ASA, they connect to a connection profile or tunnel group. The tunnel group is used to define connection parameters for specific types of VPN connections, such as IPsec L2L, IPsec remote access, clientless SSL, and client SSL.

ASDM Procedure

1. Click Configuration, and then click Remote Access VPN.
2. Expand Network (Client) Access, and then expand SSL VPN.
3. Choose Connection Profiles, and click Add.
4. Choose Basic, and enter these values:
   * Name: SSLClientProfile
   * Authentication: LOCAL
   * Default Group Policy: SSLClientPolicy
5. Ensure the SSL VPN Client Protocol check box is checked.
6. In the left pane, expand Advanced, and choose SSL VPN.
7. Under Connection Aliases, click Add, and enter a name to which users can associate their VPN connections. For example, SSLVPNClient.
8. Click OK, and then click OK again.
9. At the bottom of the ASDM window, check the Allow user to select connection, identified by alias in the table above at login page check box, and click Apply.


Step 7. Configure NAT Exemption for AnyConnect Clients

NAT exemption should be configured for any IP addresses or ranges you want to allow the SSL VPN clients to access. In this example, the SSL VPN clients need access to the internal IP 192.168.50.5 only.

Note: If NAT-control is not enabled, this step is not required. Use the show run nat-control command to verify. In order to verify through ASDM, click Configuration, click Firewall, and choose Nat Rules. If the Enable traffic through the firewall without address translation check box is checked, you can skip this step.

ASDM Procedure

1. Click Configuration, and then click Firewall.
2. Choose Nat Rules, and click Add.
3. Choose Add NAT Exempt Rule, and enter these values:
   * Action: Exempt
   * Interface: inside
   * Source: 192.168.50.5
   * Destination: 192.168.25.0/24
   * NAT Exempt Direction: NAT Exempt outbound traffic from interface 'inside' to lower security interfaces (Default)
4. Click OK, and then click Apply.


Step 8. Add Users to the Local Database

If you use local authentication (the default), you must define user names and passwords in the local database for user authentication.

ASDM Procedure

1. Click Configuration, and then click Remote Access VPN.
2. Expand AAA Setup, and choose Local Users.
3. Click Add, and enter these values:
   * Username: matthewp
   * Password: p@ssw0rd
   * Confirm Password: p@ssw0rd
4. Select the No ASDM, SSH, Telnet or Console Access radio button.
5. Click OK, and then click Apply.
6. Repeat this step for additional users, and then click Save.


Verify SSL VPN Client Connections

Use the show vpn-sessiondb svc command in order to verify connected SSL VPN clients.

ciscoasa(config-group-policy)#show vpn-sessiondb svc

Session Type: SVC

Username : matthewp Index : 6
Assigned IP : 192.168.25.1 Public IP : 172.18.12.111
Protocol : Clientless SSL-Tunnel DTLS-Tunnel
Encryption : RC4 AES128 Hashing : SHA1
Bytes Tx : 35466 Bytes Rx : 27543
Group Policy : SSLClientPolicy Tunnel Group : SSLClientProfile
Login Time : 20:06:59 UTC Tue Oct 16 2007
Duration : 0h:00m:12s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none

ciscoasa(config-group-policy)#

The vpn-sessiondb logoff name username command logs off users by user name. An Administrator Reset message is sent to the user when disconnected.

ciscoasa(config)#vpn-sessiondb logoff name matthewp
Do you want to logoff the VPN session(s)? [confirm]
INFO: Number of sessions with name "matthewp" logged off : 1

ciscoasa(config)#

Saturday, July 25, 2009

Password recovery procedure Cisco catalyst fixed configuration layer 2 and 3 switches

Introduction
This document describes the password recovery procedure for the Cisco Catalyst Layer 2 fixed configuration switches 2900XL/3500XL, 2940, 2950/2955, 2960, and 2970 Series, as well as the Cisco Catalyst Layer 3 fixed configuration switches 3550, 3560, and 3750 Series.

Before You Begin
Conventions
For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites
There are no specific prerequisites for this document.

Step-by-Step Procedure
Follow the password recovery procedure below.

Attach a terminal or PC with terminal emulation (for example, Hyper Terminal) to the console port of the switch.

Use the following terminal settings:

Bits per second (baud): 9600

Data bits: 8

Parity: None

Stop bits: 1

Flow Control: Xon/Xoff

Note: For additional information on cabling and connecting a terminal to the console port, refer to Connecting a Terminal to the Console Port on Catalyst Switches.

Unplug the power cable.

Power the switch and bring it to the switch: prompt:

For 2900XL, 3500XL, 2940, 2950, 2960, 2970, 3550, 3560, and 3750 series switches, do this:

Hold down the mode button located on the left side of the front panel, while you reconnect the power cable to the switch.

Catalyst Switch Series | LED Behavior and Mode Button Release Action
2900XL, 3500XL, 3550   | Release the Mode button when the LED above Port1x goes out.
2940, 2950             | Release the Mode button after approximately 5 seconds when the Status (STAT) LED goes out. When you release the Mode button, the SYST LED blinks amber.
2960, 2970             | Release the Mode button when the SYST LED blinks amber and then turns solid green. When you release the Mode button, the SYST LED blinks green.
3560, 3750             | Release the Mode button after approximately 15 seconds when the SYST LED turns solid green. When you release the Mode button, the SYST LED blinks green.

Note: LED position may vary slightly depending on the model.

[Figure: Mode button and LED positions on the Catalyst 3524XL and the Catalyst 2950-24]

For 2955 series switches only:

The Catalyst 2955 series switches do not use an external mode button for password recovery. Instead, the switch boot loader uses break-key detection to stop the automatic boot sequence for password recovery. The break sequence depends on the terminal application and operating system used. Hyperterm running on Windows 2000 uses Ctrl + Break. On a workstation running UNIX, Ctrl-C is the break key. For more information, refer to Standard Break Key Sequence Combinations During Password Recovery.

The example below uses Hyperterm to break into switch: mode on a 2955.

C2955 Boot Loader (C2955-HBOOT-M) Version 12.1(0.0.514), CISCO DEVELOPMENT TEST
VERSION
Compiled Fri 13-Dec-02 17:38 by madison
WS-C2955T-12 starting...
Base ethernet MAC Address: 00:0b:be:b6:ee:00
Xmodem file system is available.
Initializing Flash...
flashfs[0]: 19 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 4510720
flashfs[0]: Bytes available: 3230720
flashfs[0]: flashfs fsck took 7 seconds.
...done initializing flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4

*** The system will autoboot in 15 seconds ***
Send break character to prevent autobooting.


!--- Wait until you see this message before
!--- you issue the break sequence.
!--- Ctrl+Break is entered using Hyperterm.


The system has been interrupted prior to initializing the flash file system to finish
loading the operating system software:

flash_init
load_helper
boot
switch:

Issue the flash_init command.

switch: flash_init
Initializing Flash...
flashfs[0]: 143 files, 4 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 3612672
flashfs[0]: Bytes used: 2729472
flashfs[0]: Bytes available: 883200
flashfs[0]: flashfs fsck took 86 seconds
....done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
switch:

!--- This output is from a 2900XL switch. Output from
!--- other switches will vary slightly.

Issue the load_helper command.

switch: load_helper
switch:

Issue the dir flash: command.

Note: Make sure to type a colon ":" after the dir flash.

The switch file system is displayed:

switch: dir flash:
Directory of flash:/
2 -rwx 1803357 c3500xl-c3h2s-mz.120-5.WC7.bin

!--- This is the current version of software.

4 -rwx 1131 config.text

!--- This is the configuration file.

5 -rwx 109 info
6 -rwx 389 env_vars
7 drwx 640 html
18 -rwx 109 info.ver
403968 bytes available (3208704 bytes used)
switch:

!--- This output is from a 3500XL switch. Output from
!--- other switches will vary slightly.

Type rename flash:config.text flash:config.old to rename the configuration file.

switch: rename flash:config.text flash:config.old
switch:

!--- The config.text file contains the password
!--- definition.

Issue the boot command to boot the system.

switch: boot
Loading "flash:c3500xl-c3h2s-mz.120-5.WC7.bin"...###############################
################################################################################
######################################################################
File "flash:c3500xl-c3h2s-mz.120-5.WC7.bin" uncompressed and installed, entry point: 0x3000
executing...

!--- Output suppressed.
!--- This output is from a 3500XL switch. Output from other switches
!--- will vary slightly.

Enter "n" at the prompt to abort the initial configuration dialog.

--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Continue with configuration dialog? [yes/no]: n

!--- Type "n" for no.

Press RETURN to get started.

!--- Press Return or Enter.

Switch>

!--- The Switch> prompt is displayed.

At the switch prompt, type en to enter enable mode.

Switch>en
Switch#

Type rename flash:config.old flash:config.text to rename the configuration file with its original name.

Switch#rename flash:config.old flash:config.text
Destination filename [config.text]

!--- Press Return or Enter.

Switch#

Copy the configuration file into memory.

Switch#copy flash:config.text system:running-config
Destination filename [running-config]?

!--- Press Return or Enter.

1131 bytes copied in 0.760 secs
Sw1#

The configuration file is now reloaded (the prompt changes to the hostname stored in config.text).

Overwrite the current passwords that you do not know. Choose a strong password with at least one capital letter, one number, and one special character.

Note: Overwrite the passwords which are necessary. You need not overwrite all of the mentioned passwords.

Sw1# conf t

!--- To overwrite existing secret password

Sw1(config)#enable secret <new-secret-password>

!--- To overwrite existing enable password

Sw1(config)#enable password <new-enable-password>

!--- To overwrite existing vty password

Sw1(config)#line vty 0 15
Sw1(config-line)#password <new-vty-password>
Sw1(config-line)#login

!--- To overwrite existing console password

Sw1(config-line)#line con 0
Sw1(config-line)#password <new-console-password>

Write the running configuration to the configuration file with the write memory command.

Sw1#write memory
Building configuration...
[OK]
Sw1#

Friday, July 24, 2009

Time Windows 2000 SERVER

C:\>net time /querysntp
This computer is not currently configured to use a specific SNTP server.
The command completed successfully.

For a list of NTP servers, see this page. Let's configure it for clock.isc.org:

C:\>net time /setsntp:clock.isc.org
The command completed successfully.


Verify that it stuck:

C:\>net time /querysntp
The current SNTP value is: clock.isc.org
The command completed successfully.

You may need to bounce w32time to see your results:

C:\>net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.
C:\>net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.

Note that you only want to do this on machines that are not already synchronizing with a domain controller, which happens automatically with Active Directory. This is also the method you would use to select an outside time source for the PDC of the domain at the root of the forest.

Thursday, July 23, 2009

Host-based routes Windows Server 2000 2003 XP

To display the entire contents of the IP routing table, type:

route print

To display the routes in the IP routing table that begin with 10., type:

route print 10.*

To add a default route with the default gateway address of 192.168.12.1, type:

route add 0.0.0.0 mask 0.0.0.0 192.168.12.1

To add a route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0 and the next hop address of 10.27.0.1, type:

route add 10.41.0.0 mask 255.255.0.0 10.27.0.1

To add a persistent route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0 and the next hop address of 10.27.0.1, type:

route -p add 10.41.0.0 mask 255.255.0.0 10.27.0.1

To add a route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0, the next hop address of 10.27.0.1, and the cost metric of 7, type:

route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 metric 7

To add a route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0, the next hop address of 10.27.0.1, and using the interface index 0x3, type:

route add 10.41.0.0 mask 255.255.0.0 10.27.0.1 if 0x3

To delete the route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0, type:

route delete 10.41.0.0 mask 255.255.0.0

To delete all routes in the IP routing table that begin with 10., type:

route delete 10.*

To change the next hop address of the route with the destination of 10.41.0.0 and the subnet mask of 255.255.0.0 from 10.27.0.1 to 10.27.0.25, type:

route change 10.41.0.0 mask 255.255.0.0 10.27.0.25

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/route.mspx?mfr=true
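As an added example that is not from the original post, the following Python models how a Windows host chooses among routes like the ones added above (longest matching prefix first, then lowest metric) and how the 10.* wildcard used by route print and route delete matches on the destination text. The table is constructed from the post's commands; the 10.41.5.0/24 entry is hypothetical, included only to show a more-specific route winning.

```python
import fnmatch
import ipaddress

# Constructed routing table built from the "route add" examples in the post.
# Each entry: (destination, netmask, gateway, metric). The 10.41.5.0/24 row is a
# hypothetical more-specific route added to show longest-prefix selection.
ROUTES = [
    ("0.0.0.0",   "0.0.0.0",       "192.168.12.1", 1),  # default route
    ("10.41.0.0", "255.255.0.0",   "10.27.0.1",    7),  # route add ... metric 7
    ("10.41.5.0", "255.255.255.0", "10.27.0.25",   1),  # hypothetical
]

def select_route(dest, routes=ROUTES):
    """Return the gateway used for dest: the matching route with the longest
    prefix wins, and among equal prefixes the lowest metric wins."""
    addr = ipaddress.IPv4Address(dest)
    best = None
    for net, mask, gw, metric in routes:
        network = ipaddress.IPv4Network((net, mask))
        if addr in network:
            rank = (-network.prefixlen, metric)   # smaller rank is better
            if best is None or rank < best[0]:
                best = (rank, gw)
    return best[1] if best else None

def filter_routes(pattern, routes=ROUTES):
    """Emulate the 'route print 10.*' / 'route delete 10.*' wildcard: a textual
    match on the destination string, not a prefix-length match."""
    return [r for r in routes if fnmatch.fnmatchcase(r[0], pattern)]
```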

Saturday, July 18, 2009

HJSplit for Windows

Very nice looking freeware file splitter (screenshot). It splits files of any type and size. Does not need to be installed. Just click on hjsplit.exe and the program starts. This program can even handle files which are larger than 10Gb!

New! Updated on July 10, 2009

To download HJSplit (344 Kb), just click on one of the links below:
www.freebytesoftware.com/download/hjsplit.zip
www.freebyte.net/download/hjsplit.zip
www.treepad.net/download/hjsplit.zip

For Windows XP, Vista, 2000, NT, 98, 95, ME. Created by Freebyte.com