
Wednesday, January 13, 2010

Configure Network Level Authentication for Remote Desktop Services Connections

Network Level Authentication is an authentication method that can be used to enhance RD Session Host server security by requiring that the user be authenticated to the RD Session Host server before a session is created.

Network Level Authentication completes user authentication before you establish a remote desktop connection and the logon screen appears. This is a more secure authentication method that can help protect the remote computer from malicious users and malicious software. The advantages of Network Level Authentication are:
  • It requires fewer remote computer resources initially. The remote computer uses a limited number of resources before authenticating the user, rather than starting a full remote desktop connection as in previous versions.

  • It can help provide better security by reducing the risk of denial-of-service attacks.
To use Network Level Authentication, you must meet the following requirements:
  • The client computer must be using at least Remote Desktop Connection 6.0.

  • The client computer must be using an operating system, such as Windows 7, Windows Vista, or Windows XP with Service Pack 3, that supports the Credential Security Support Provider (CredSSP) protocol.

  • The RD Session Host server must be running Windows Server 2008 R2 or Windows Server 2008.
Use the following procedure to configure Network Level Authentication for a connection.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

To configure Network Level Authentication for a connection
  1. On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
  2. Under Connections, right-click the name of the connection, and then click Properties.
  3. On the General tab, select the Allow connections only from computers running Remote Desktop with Network Level Authentication check box.
    If the Allow connections only from computers running Remote Desktop with Network Level Authentication check box is selected and is not enabled, the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and has been applied to the RD Session Host server.
  4. Click OK.
The Network Level Authentication setting for an RD Session Host server can also be set in the following ways:
  • During the installation of the RD Session Host role service in Server Manager, on the Specify Authentication Method for Remote Desktop Session Host page in the Add Roles Wizard.

  • On the Remote tab in the System Properties dialog box on an RD Session Host server.

    If the Allow connections from computers running any version of Remote Desktop (less secure) is not selected and is not enabled, the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and has been applied to the RD Session Host server.

    To configure the Network Level Authentication setting by using the Remote tab in the System Properties dialog box on an RD Session Host server, see Change Remote Connection Settings.

  • By applying the Require user authentication for remote connections by using Network Level Authentication Group Policy setting.

    This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security and can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC). Note that the Group Policy setting will take precedence over the setting configured in Remote Desktop Session Host Configuration or on the Remote tab.
To determine whether a computer is running a version of Remote Desktop Connection that supports Network Level Authentication, start Remote Desktop Connection, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. Look for the phrase Network Level Authentication supported in the About Remote Desktop Connection dialog box.
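
The following script is an added example, not part of the original post or the TechNet article: it reports whether each RDP connection on the server requires Network Level Authentication and whether the Group Policy setting described above is overriding the local choice. The WMI namespace and class (root\cimv2\TerminalServices, Win32_TSGeneralSetting) and the policy registry value (UserAuthentication) do not appear on this page; they are the names used by Windows Server 2008 R2.

```powershell
# Added example: audit Network Level Authentication (NLA) on an RD Session Host.
# Run from an elevated PowerShell prompt on the server itself.
param([switch]$Enforce)   # -Enforce turns NLA on where it is off and not policy-controlled

# Not from the original page: WMI location of the per-connection settings and
# the registry value written by the "Require user authentication for remote
# connections by using Network Level Authentication" Group Policy setting.
$namespace = 'root\cimv2\TerminalServices'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# $null when the policy is not configured; 1 when it requires NLA.
$policyValue = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).UserAuthentication

# The TerminalServices namespace only answers over an encrypted WMI connection.
$connections = Get-WmiObject -Namespace $namespace -Class Win32_TSGeneralSetting `
                             -Authentication PacketPrivacy

foreach ($c in $connections) {
    $required = ($c.UserAuthenticationRequired -eq 1)
    $changed  = $false

    # Group Policy takes precedence, so only touch the local setting when
    # no policy value is present.
    if ($Enforce -and -not $required -and $policyValue -eq $null) {
        $result   = $c.SetUserAuthenticationRequired(1)
        $changed  = ($result.ReturnValue -eq 0)
        $required = $changed
    }

    $source = 'Local setting'
    if ($policyValue -ne $null) { $source = 'Group Policy' }

    New-Object PSObject -Property @{
        Connection  = $c.TerminalName
        NlaRequired = $required
        ControlledBy = $source
        ChangedNow  = $changed
    } | Select-Object Connection, NlaRequired, ControlledBy, ChangedNow
}
```

A connection that reports NlaRequired as False with ControlledBy set to Local setting is the case the check box in step 3 fixes.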

Applies To: Windows Server 2008 R2

See MS TechNet for more info.

Friday, January 8, 2010

Amazon EC2 Instance Types

Available Instance Types

Standard Instances
Instances of this family are well suited for most applications.

Small Instance (AKA m1.small)
1.7 GB memory
1 EC2 Compute Unit (1 virtual core with 1 EC2 Compute Unit)
160 GB instance storage (150 GB plus 10 GB root partition)
32-bit platform
I/O Performance: Moderate
Large Instance (AKA m1.large)
7.5 GB memory
4 EC2 Compute Units (2 virtual cores with 2 EC2 Compute Units each)
850 GB instance storage (2×420 GB plus 10 GB root partition)
64-bit platform
I/O Performance: High
Extra Large Instance (AKA m1.xlarge)
15 GB memory
8 EC2 Compute Units (4 virtual cores with 2 EC2 Compute Units each)
1,690 GB instance storage (4×420 GB plus 10 GB root partition)
64-bit platform
I/O Performance: High

High-Memory Instances
Instances of this family offer large memory sizes for high throughput applications, including database and memory caching applications.

High-Memory Double Extra Large Instance (AKA m2.2xlarge)
34.2 GB of memory
13 EC2 Compute Units (4 virtual cores with 3.25 EC2 Compute Units each)
850 GB of instance storage
64-bit platform
I/O Performance: High
High-Memory Quadruple Extra Large Instance (AKA m2.4xlarge)
68.4 GB of memory
26 EC2 Compute Units (8 virtual cores with 3.25 EC2 Compute Units each)
1690 GB of instance storage
64-bit platform
I/O Performance: High

High-CPU Instances
Instances of this family have proportionally more CPU resources than memory (RAM) and are well suited for compute-intensive applications.

High-CPU Medium Instance (AKA c1.medium)
1.7 GB of memory
5 EC2 Compute Units (2 virtual cores with 2.5 EC2 Compute Units each)
350 GB of instance storage
32-bit platform
I/O Performance: Moderate
High-CPU Extra Large Instance (AKA c1.xlarge)
7 GB of memory
20 EC2 Compute Units (8 virtual cores with 2.5 EC2 Compute Units each)
1690 GB of instance storage
64-bit platform
I/O Performance: High

More Info

How To Use Wget - Includes Several Examples Using Wget

wget is a great command line utility that is natively available in Linux and can be downloaded for Windows (see also GNU WGet for Windows (Windows 7, Vista, XP, etc.)). wget can be used for many download situations including large files, recursive downloads, non-interactive downloads, multiple file downloads, etc.

Note: options ARE case sensitive.

1. Download a single file with wget using no options.
wget http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
While downloading, wget will display a progress bar with the following information:
  • % of download completion
  • Download progress in bytes
  • Current download speed
  • Estimated time remaining
2. Download a file and save it under a different name using wget -O
wget "http://www.vim.org/scripts/download_script.php?src_id=7701"
Without the -O switch, the downloaded file is saved with the name download_script.php?src_id=7701, even though it is in zip format.

To change this behavior, specify the output file name using the -O option.
wget -O taglist.zip "http://www.vim.org/scripts/download_script.php?src_id=7701"
3. Specify download speed / download rate using wget --limit-rate

By default, wget will try to use all available bandwidth. You can limit the download speed using the --limit-rate switch.
wget --limit-rate=200k http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
4. Restart a download which stopped in the middle using wget -c.
wget -c http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
5. Download in the background with wget -b
wget -b http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
The download will begin and give the shell prompt back to you. You can always check the status of the download using tail -f (Linux only).
tail -f wget-log
6. Mask user agent and display wget like browser using wget --user-agent

Some websites refuse to serve a page when they identify that the user agent is not a browser. You can mask the user agent by using the --user-agent option so that wget presents itself as a browser.
wget --user-agent="Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3" http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
7. Test URL using wget --spider. This will test that the file exists, but not perform the download.
wget --spider http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
8. Increase total number of retry attempts using wget --tries.
wget --tries=75 http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
9. Download multiple files / URLs using wget -i

First, store all the download files or URLs in a text file:
URL1
URL2
URL3
URL4

Next, give the download-file-list.txt as argument to wget using -i option.
wget -i download-file-list.txt
10. Download a full website using wget --mirror
wget --mirror -p --convert-links -P ./LOCAL-DIR WEBSITE-URL
  • --mirror: enable mirroring
  • -p: download all files that are necessary to properly display a given HTML page
  • --convert-links: after the download, convert the links in the documents for local viewing
  • -P ./LOCAL-DIR: save all the files and directories to the specified directory
11. Skip certain file types while downloading using wget –reject.  In order to download all content except .gif images use the following.
wget --reject=gif WEBSITE-TO-BE-DOWNLOADED
12. Log messages to a log file instead of stderr using wget -o.  To redirect output to a log file instead of the terminal.
wget -o download.log DOWNLOAD-URL
13. Quit downloading when certain size is exceeded using wget -Q.
wget -Q5m -i FILE-WHICH-HAS-URLS
14. Download only certain file types using wget -r -A

You can use this for the following situations
  • Download all images from a website
  • Download all videos from a website
  • Download all PDF files from a website
wget -r -A.pdf http://url-to-webpage-with-pdfs/
15. You can use wget to perform FTP downloads.
wget ftp-url
FTP download using wget with username and password authentication.
wget --ftp-user=USERNAME --ftp-password=PASSWORD DOWNLOAD-URL
Note: username and password can be used for HTTP and HTTPS downloads as well using --http-user=USER, --http-password=PASS respectively.

More

Monday, January 4, 2010

Find Last Reboot Time in Windows 7, Vista and Windows 2008

Have you ever wanted a quick and easy way to know how long your Windows 7 (or Vista or Windows 2008 server) system has been running?  When it was last restarted or rebooted?  There are a few easy ways this can be done, most from the Windows command line.  So open a Windows command prompt and choose the one that works best for you.  (Most of these commands work with Windows XP, Windows 2003, 2000, etc.  See notes below for specifics.)
  • This first way will display how long the network service has been running.  Generally this will be very close to the same amount of time (within a minute or two) as Windows has been running.  It won't be accurate if you restart the network service.
    Note: I listed this first because it's the one I usually use.

    From a command prompt window run the following (the 'S' in 'Statistics' must be capitalized):
net statistics workstation | find "Statistics"
You can shortcut it as well using:
net stats work | find "Stat"
Or even shorter, use either of the following:
net stats work
net stats work | more
  • This next method uses the command 'systeminfo'. Again from a command prompt, run the following (make sure to capitalize 'S', 'B' and 'T'):
systeminfo | find "System Boot Time"
You can use the following on XP, Windows 2003 and earlier (however this will give only the length of uptime and not the system boot time):
systeminfo | find "Up Time"

  • The third method uses WMI, more specifically wmic (Windows Management Instrumentation Command-line), but the output is a little cryptic:
wmic OS Get LastBootUpTime
Result: 20091220133343.981621-300, which can be interpreted as year 2009, month 12, day 20, hour 13 (or 1:00 PM), minute 33, etc.  Note: be careful as this may be displayed as UTC time depending on your system - like with Amazon EC2 virtual servers for example.


  • You can always use the system event log (this only works on 2003/XP or older).  Of course, you could go to Control Panel and browse through the system event log, but let's do it through the command line with:
cscript c:\windows\system32\eventquery.vbs /fi "ID eq 6005" /l system
Over the years I have found system event log event 6005, "The Event log service was started." to be the most consistent entry after a computer restarts, even from a power outage, BSOD or other event.  This command will also give you a history of system startups listed in the System event log.


  • Finally, you can use this handy PowerShell script:
    Get-WmiObject Win32_NTLogEvent -filter "LogFile='System' and EventCode=6005" | Format-Table ComputerName, EventCode, Message, TimeWritten

Just like with anything there are many ways to skin this cat, so choose your favorite one (or two to double-check data) and go for it.
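
To make the wmic output from the third method readable, here is an added example (not code from the original post) that parses the LastBootUpTime string into a date, the offset from UTC, and the uptime. The function name ConvertFrom-DmtfDateTime is hypothetical, and the code assumes the trailing signed three-digit field is the offset from UTC in minutes, as in the sample value quoted above.

```powershell
# Added example: decode the value returned by "wmic OS Get LastBootUpTime".
# Layout assumed: yyyyMMddHHmmss.ffffff followed by a signed offset from UTC
# in minutes (so -300 means five hours behind UTC, and +000 means UTC).
function ConvertFrom-DmtfDateTime {
    param([Parameter(Mandatory = $true)][string]$Value)

    if ($Value -notmatch '^(\d{14})\.(\d{6})([+-])(\d{3})$') {
        throw "Not a recognised WMI datetime string: $Value"
    }

    # Date and time to the second, exactly as recorded by the system.
    $stamp = [datetime]::ParseExact($Matches[1], 'yyyyMMddHHmmss',
                 [Globalization.CultureInfo]::InvariantCulture)

    # Microseconds -> 100-nanosecond ticks.
    $stamp = $stamp.AddTicks([long]$Matches[2] * 10)

    $minutes = [int]$Matches[4]
    if ($Matches[3] -eq '-') { $minutes = -$minutes }

    New-Object DateTimeOffset -ArgumentList $stamp, ([TimeSpan]::FromMinutes($minutes))
}

function Get-BootReport {
    param([Parameter(Mandatory = $true)][string]$LastBootUpTime)

    $boot = ConvertFrom-DmtfDateTime $LastBootUpTime
    New-Object PSObject -Property @{
        AsRecorded    = $boot.DateTime       # wall-clock time on the machine
        OffsetMinutes = $boot.Offset.TotalMinutes
        Utc           = $boot.UtcDateTime    # same instant expressed in UTC
        Uptime        = [DateTimeOffset]::Now - $boot
    } | Select-Object AsRecorded, OffsetMinutes, Utc, Uptime
}

# The sample value quoted in the post:
Get-BootReport '20091220133343.981621-300'

# The live value from the local machine:
Get-BootReport (Get-WmiObject Win32_OperatingSystem).LastBootUpTime
```

An OffsetMinutes of 0 means the system clock is reporting in UTC, which is the case the note about Amazon EC2 servers refers to.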

Friday, January 1, 2010

Disable Unnecessary Services on Mac OS X

How to disable unnecessary services on Mac OS X based desktop / server / laptop.

Mac OS X uses the following directories to start various services:
  1. /System/Library/LaunchDaemons/ - System-wide daemons provided by Mac OS X
  2. /System/Library/LaunchAgents/ - Per-user agents provided by Mac OS X
  3. ~/Library/LaunchAgents/ - Per-user agents provided by the user
  4. /Library/LaunchAgents/ - Per-user agents provided by the administrator
  5. /Library/LaunchDaemons/ - System-wide daemons provided by the administrator.
launchd manages processes, both for the system as a whole and for individual users using .plist files. Open the terminal and type the following commands to view directory files:
cd /System/Library/LaunchDaemons/
ls -l
ls -l | less

OR
cd /System/Library/LaunchAgents/
ls -l
ls -l | less

Disable Unnecessary Services
Use the launchctl command as follows:
sudo launchctl unload -w /path/to/.plist/file
sudo launchctl unload -w /System/Library/LaunchDaemons/file.plist

In this example, use the following to disable the Bonjour service:
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponderHelper.plist

Setup self-signed certificate on IIS 6



Create a self-signed SSL certificate with SelfSSL from the IIS 6.0 Resource Kit.

The IIS 6.0 Resource Kit contains a utility called SelfSSL.exe for quickly and easily creating and installing a self-signed certificate into IIS 6 for Windows 2003 or XP.
  • Download IIS 6.0 Resource Kit Tools
  • Install the resource kit
  • Go to Programs \ IIS Resources \ SelfSSL and select "SelfSSL"
  • Execute the following (modify for your environment):

    selfssl.exe /N:CN=www.powercram.com /K:1024 /V:180 /S:56792119 /P:443 /T

  • Go to https://localhost to test.
Explanation of selfssl.exe switches (used in command above):
  • /N:CN=www.powercram.com - common name of the certificate.
  • /K:1024 - key length.
  • /V:180 - number of days certificate is valid.
  • /S:56792119 - IIS site ID.  Default is 1 for "default site."
  • /P:443 - SSL port.
  • /T - Adds the self-signed certificate to "Trusted Certificates" list.

Measure Network Throughput (Bandwidth) with Iperf

Iperf is a tool for measuring maximum TCP and UDP bandwidth performance. Iperf reports bandwidth, delay jitter, datagram loss.

Iperf allows the user to set various parameters that can be used for testing a network, or alternately for optimizing or tuning a network. Iperf has a client and server functionality, and can measure the throughput between the two ends, either unidirectionally or bi-directionally. It is open source software and runs on various platforms including Linux, Unix and Windows. It is supported by the National Laboratory for Applied Network Research.

When used for testing UDP capacity, Iperf allows the user to specify the datagram size and provides results for the datagram throughput and the packet loss.

When used for testing TCP capacity, Iperf measures the throughput of the payload. One thing to note is that Iperf uses 1024*1024 for megabytes and 1000*1000 for megabits. There is a Graphical user interface (GUI) front end available called jperf.

Typical Iperf output contains a timestamped report of the amount of data transferred and the throughput measured.

Iperf is significant as it is a standardized tool that can be run over any network and output standardized performance measurements. Thus it can be used for comparison of wired and wireless networking equipment and technologies in an unbiased way. As it is open source, the measurement methodology can be scrutinized by users.

See also Use Iperf to Measure Network Throughput (Bandwidth) for examples and details on using Iperf.

Download Iperf and get more information from SourceForge.

Wednesday, December 23, 2009

Backtrack 4 Beta in Windows with VmWare Workstation


This is a tutorial on how to install and set up backtrack 4 beta using vmware.

Steps to log into Backtrack 4 beta:
  1. hit "play" button
  2. boot into backtrack 4 beta
  3. bt login: root
  4. password: toor
  5. startx
Steps for setting up your network card:
  • type in "/etc/init.d/networking start" before typing in "startx"
OR
  1. open terminal
  2. ifconfig eth0 up
  3. dhclient eth0

CamStudio - Free Streaming Video Software for Windows

CamStudio is able to record all screen and audio activity on your computer and create industry-standard AVI video files. Using its built-in SWF Producer, it can turn those AVIs into lean, mean, bandwidth-friendly Streaming Flash videos (SWFs).
Here are just a few ways you can use this software:
  • You can use it to create demonstration videos for any software program
  • Or how about creating a set of videos answering your most frequently asked questions?
  • You can create video tutorials for school or college class
  • You can use it to record a recurring problem with your computer so you can show technical support people
  • You can use it to create video-based information products you can sell
  • You can even use it to record new tricks and techniques you discover on your favourite software program, before you forget them
More on CamStudio | Download CamStudio

Monday, December 21, 2009

FLV Player for Windows 7 and Vista - VLC media player

VLC media player is a highly portable multimedia player supporting most audio and video formats (H.264, Ogg, DivX, MKV, TS, MPEG-2, mp3, MPEG-4, aac, ...) from files, physical media (DVDs, VCD, Audio-CD), TV capture cards and many network streaming protocols.

More info & download VLC Media Player.