Windows 2003 Server FTP and Firewall Passive port range tweak

Posted At : September 2, 2008 4:22 PM | Posted By : Mark W. Breneman
Related Categories: Server Notes

On Windows 2003 Server with IIS6

  • To Enable Direct Metabase Edit
    1. Open the IIS Microsoft Management Console (MMC).
    2. Right-click on the Local Computer node.
    3. Select Properties.
    4. Make sure the Enable Direct Metabase Edit checkbox is checked.
  • Configure PassivePortRange via ADSUTIL script
    1. Click Start, click Run, type cmd, and then click OK.
    2. Type cd Inetpub\AdminScripts and then press ENTER.
    3. Type the following command where the range is specified in "..". cscript.exe adsutil.vbs set /MSFTPSVC/PassivePortRange "5001-5201"
    4. Restart the FTP Publishing Service.
    • You'll see the following output, when you configure via ADSUTIL script:

    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

    PassivePortRange : (STRING) "5001-5201"

  • Add each port to the Windows Firewall
    1. Click Start, click Control Panel, open Windows Firewall, and select the Exceptions tab.
    2. Click the Add Port button.
    3. Enter a Name for the Exception and the first number in the port range.
    4. Click TCP if not already selected and click OK.
    5. Repeat for each port in the range - for large ranges see the end of the document.
    6. Enable the Windows Firewall on the General Tab.


To add a range of ports to Windows Firewall from the Command Line
  1. Click Start, click Run, type cmd, and then click OK.
  2. Type in the following where the range is specified in ( ) and the name of the firewall entry is in " ".
    FOR /L %I IN (5001,1,5201) DO netsh firewall add portopening TCP %I "Passive FTP"%I
  3. Each port in the range will be added with an "OK" confirmation.

This info was taken directly from: http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html I post this here on my blog as my personal reference.

Comments (0) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 35 Views

Disable SSL2.0 on Windows webserver IIS

Posted At : August 28, 2008 3:44 PM | Posted By : Mark W. Breneman
Related Categories: Server Notes

Open Regedit
Go to:
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Server
Add new DWORD, In the Value Name box, type "Enabled", and then click OK.
Reboot or restart IIS. Not sure if only restarting IIS will do it.

Comments (0) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 48 Views

Import PFX SSL Cert into IIS

Posted At : August 28, 2008 10:51 AM | Posted By : Mark W. Breneman
Related Categories: Server Notes

If you just imported all of your IIS site via the export / import site method. You will have several sites that reference a SSL certs that do not exist on your system yet. To import the ssl certs you can get started by, simply importing the .PFX file into IIS by getting the site properties clicking on the directory security tab, click view cert (IIS Cert Wizard), then remove existing "dead" cert, then go back into the view cert / IIS Cert Wizard, select import a cert from a .pfx file, Enter password and you are done.

Here is a second way:

In order to view the Certificates store on the local computer, perform the following steps:

1. Click Start, and then click Run.
2. Type "MMC.EXE" (without the quotation marks) and click OK.
3. Click Console in the new MMC you created, and then click Add/Remove Snap-in.
4. In the new window, click Add.
5. Highlight the Certificates snap-in, and then click Add.
6. Choose the Computer option and click Next.
7. Select Local Computer on the next screen, and then click OK.
8. Click Close , and then click OK.
9. You have now added the Certificates snap-in, which will allow you to work with any certificates in your computer's certificate store. You may want to save this MMC for later use.

Now that you have access to the Certificates snap-in, you can import the server certificate into you computer's certificate store by following these steps:

1. Open the Certificates (Local Computer) snap-in and navigate to Personal, and then Certificates.

Note: Certificates may not be listed. If it is not, that is because there are no certificates installed.
2. Right-click Certificates (or Personal if that option does not exist.)
3. Choose All Tasks, and then click Import.
4. When the wizard starts, click Next. Browse to the PFX file you created containing your server certificate and private key. Click Next.
5. Enter the password you gave the PFX file when you created it. Be sure the Mark the key as exportable option is selected if you want to be able to export the key pair again from this computer. As an added security measure, you may want to leave this option unchecked to ensure that no one can make a backup of your private key.
6. Click Next, and then choose the Certificate Store you want to save the certificate to. You should select Personal because it is a Web server certificate. If you included the certificates in the certification hierarchy, it will also be added to this store.
7. Click Next. You should see a summary of screen showing what the wizard is about to do. If this information is correct, click Finish.
8. You will now see the server certificate for your Web server in the list of Personal Certificates. It will be denoted by the common name of the server (found in the subject section of the certificate).

Now that you have the certificate backup imported into the certificate store, you can enable Internet Information Services 5.0 to use that certificate (and the corresponding private key). To do this, perform the following steps:

Comments (0) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 54 Views

Migrate IIS SSL Certs to a new server

Posted At : August 28, 2008 10:25 AM | Posted By : Mark W. Breneman
Related Categories: Server Notes

Create an MMC Snap-in for Managing Certificates

In order to perform the backup, you must first create a new MMC and add the Certificates snap-in. You can also add the snap-in to another MMC as long as it is opened in Author mode.



Use the following steps to create a new MMC and add the Certificates snap-in:

1. Click Start , and then click Run.
2. Type in "MMC.EXE" (without the quotation marks) and click OK.
3. Click Console in the new MMC you created, and then click Add/Remove Snap-in.
4. In the new window that appears, click Add.
5. Highlight Certificates , and then click Add.
6. Choose the Computer account option and click Next.
7. Select Local Computer on the next screen, and then click OK.
8. Click Close , and then click OK.

You have now added the Certificates snap-in, which will allow you to work with any certificates in your computer's certificate store. You may want to save this MMC for later use.

Export a Certificate and Public Key

Now that you have added the Certificates snap-in, you can export the key pair that your Web server is using (the certificate and public key). To do this, perform the following steps:

1. Open the Certificates (Local Computer) snap-in you added in the last section, navigate to Personal, and then to Certificates.
2. You will see your Web server certificate denoted by the CN (Common Name) found in the Subject field of the certificate (using Internet Explorer 5.0, you can easily view the certificate to see the Common Name if you are unsure).
3. Right-click on the server certificate, select All Tasks, and then click Export.
4. When the wizard starts, click Next. Choose to export the private key, and then click Next. NOTE: If you export the certificate for use on an IIS Web server, do not select Require Strong Encryption. This option causes a password prompt every time an application attempts to access the private key, and causes IIS to fail.
 
5. The file format you will want to choose is the Personal Information Exchange MB Note: Select PFX and deselect all other options, go to next step...

(though you can select from several options). This will create a PFX file. Notice that you can export any certificates in the certification path by selecting the option on this screen. This is very handy if your certificate was issued by a non-trusted certificate authority (for example, Microsoft Certificate Server). Only choose delete the private key if the export is successful to be sure it is not left on the computer (for example if your migrating from one server to another).NOTE: If you do not select "Include all certificates in the certificate path if possible" and the issuer of the certificate is not trusted by your server, then you may notice that when the properties of the certificate are viewed, the "This certificate is issued to:" field may display "Windows does not have enough information about this certificate". This is by design and can be resolved by selecting "Include all certificates in the certificate path" while exporting the certificate.
 
6. Click Next, and then choose a password to protect the PFX file. You will need to enter the same password twice to ensure that the password is typed correctly. When you have completed this step, click Next.
7. Choose the file name you want to save this as. Do not include an extension in your file name; the wizard will automatically add the PFX extension for you.
8. Click Next, and then read the summary. Pay special attention to where the file is being saved to. If you are sure the information is correct, choose Finish.

You now have a PFX file containing you server certificate and its corresponding private key. Be sure to protect this file! You may want to move it to a floppy disk and store it somewhere safe from outside disturbance. Keep in mind, if you run a backup on the server, this file may be saved in that backup if it is still on the server.


This info was found here at MS's website. I am reproducing it here for my own notes.

Comments (0) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 60 Views

Show hide sub form based on radio button with jquery

Posted At : August 22, 2008 3:15 PM | Posted By : Mark W. Breneman
Related Categories: jQuery

I wrote this chunk of code and ended up not using it. So, I thought I would just save it here for my reference, but if it helps anyone...

<script type="text/javascript" src="../js/jquery-1.2.6.pack.js"></script>
<script language="javascript">
function showHide(obj)
{
var showDiv = "#"+obj;
$("div").slideUp("slow");
$(showDiv).slideDown("slow");
}
</script>
<input type="radio" name="honormemory" onChange="showHide(this.value)" value="honor" id="input_radio_honor"> <label for="input_radio_honor">In Honor of:</label><br>
<div id= "honor" style="display:none">   
   Name: <input type="text" size="30" maxlength="36" name="" value=""><br>
   Pass: <input type="text" size="30" maxlength="36" name="" value=""><br>
   Foo: <input type="text" size="30" maxlength="36" name="" value="">
</div>
<input type="radio" name="honormemory" onChange="showHide(this.value)" value="memory" id="input_radio_memory"> <label for="input_radio_memory">In Memory of:</label>
<div id= "memory" style="display:none">
   Name: <input type="text" size="30" maxlength="36" name="" value=""><br>
   Pass: <input type="text" size="30" maxlength="36" name="" value=""><br>
   Foo: <input type="text" size="30" maxlength="36" name="" value="">
</div>

Comments (0) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 146 Views

palm tree lamp Comment SPAM on every post (Will be soon)

Posted At : August 19, 2008 4:29 PM | Posted By : Mark W. Breneman
Related Categories: ColdFusion

Ok, I gotta ask, what do the rest of you do to prevent comment spam. I turned up my Captcha and received less spam, but about an hour ago, I started to get comment spam about "palm tree lamp" 58 so far. At this rate in about an hour there will be comment spam on every blog post I made.



I'm not running a real old version of BlogCFC. Version 5 something... What do the rest of you running Blogcfc do to prevent this?

Comments (6) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 287 Views

Justify form fields using jquery

Posted At : August 18, 2008 12:34 PM | Posted By : Mark W. Breneman
Related Categories: Dev Notes

http://www.jankoatwarpspeed.com/post/2008/07/09/Justify-elements-using-jQuery-and-CSS.aspx

Comments (0) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 130 Views

Command line command for creating sites in IIS

Posted At : August 7, 2008 2:44 PM | Posted By : Mark W. Breneman
Related Categories: Server Notes

iisweb /create D:\IIS "Test Site" /b 8080 /i 192.168.1.100 /dontstart

Here is the rest of the info:

http://thelazyadmin.com/blogs/thelazyadmin/archive/2005/06/01/IIS-Command-Line-Administration.aspx

Comments (0) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 154 Views

Notes on Portcullis

Posted At : July 25, 2008 8:19 AM | Posted By : Mark W. Breneman
Related Categories: Dev Notes

<cfqueryparam cfsqltype="cf_sql_varchar" value="#url.category#">
<br>
<cfif isdefined("application.Portcullis") eq false>
<cfset application.Portcullis = createObject("component","com.fusionlink.Portcullis").init()/>
</cfif>
<cfset application.Portcullis.scan(url,"url",cgi.remote_addr)>

http://www.developer.be/index.cfm/fuseaction/faqDetail/FaqId/301.htm

Comments (0) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 195 Views

Rosted Garlic

Posted At : July 21, 2008 8:45 PM | Posted By : Mark W. Breneman
Related Categories: Food

1 full Garlic bulb (big) 2 tablespoons of olive oil butter salt

Slice off the top of the bulb Pour olive oil on bulb Butter and Salt bulb Wrap in tin foil

Bake 45 min at 400

Comments (0) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 184 Views

ColdFusion & Lucene: Installing Seeker Verity

Posted At : June 30, 2008 3:39 PM | Posted By : Mark W. Breneman
Related Categories: Dev Notes

Search engine, site search, Verity replacement

http://www.bytestopshere.com/post.cfm/coldfusion-lucene-solr

Comments (0) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 464 Views

More Entries

BlogCFC was created by Raymond Camden. This blog is running version 5.9.001. Contact Blog Owner