DLL Tutorial for beginners

by on 22.Nov, 2005 under Uncategorized

Using DLL files in Windows is a really big thing and I’ve found it hard
to find simple tutorials on this topic. Well, up until now at least. Notsosuperhero at Codeguru.com has published a short yet good tutorial on the topic.

More information: http://www.codeguru.com/Cpp/Cpp/cpp_mfc/tutorials/article.php/c9855/


Branch Office VPN using Watchguard products

by on 22.Nov, 2005 under Uncategorized

Setting up a VPN network between offices can be a hassle. But
with Watchguard products this task can be very easy.

For our test I’ve chosen to use a Watchguard Firebox III at
the main office and a Watchguard SOHO TC6 at the branch office. This is a
fictitious network, set up just to show how easy a task like this can be.

VPN tunnels are becoming more common between offices due to
the low cost of setting them up; this is mainly because of the relatively cheap
internet connections you can acquire today. Getting a normal DSL line is cheap
compared with dedicated lines between offices. VPN tunnels are also
secure since they use high-level encryption, and they provide an easy way for
administrators and users to access all the needed networks anytime and from
anywhere. Administrators can access the local and the branch office servers for
maintenance anytime and the help desk has a way to get to the user’s desktop
even if the user is on the other side of the globe.

In this article we will set up a VPN tunnel between the main
office and one of the branch offices. We will use Watchguard hardware for this
task and show you just how easy this can be when you use the right tools.

Setup

After you have set up the basic rules in your main office firewall
you are ready to set up the tunnel between the main and the branch office. This
article does not go into setting up the Watchguard Firebox firewall; it may
come up in a future article.

1. Setting up the main office firewall.

First of all fire up the Firebox System Manager, and after
that open the Policy Editor. If you have a Firebox with branch
office VPN (we’ll call it BOVPN from now on) you just need to point your mouse
to the Network, BOVPN menu.

Picture 1

From the BOVPN menu choose Basic DVCP server. This is what
we will make the main office firewall. The DVCP server is the firewall handling
all the incoming requests from the branch offices.

Clicking the basic DVCP server brings up the DVCP client
wizard. With this wizard we will configure the client, meaning the branch
office. The wizard will walk you through the setup and you will be done in ten
minutes.

Picture 2

First of all we are required to enter a client name. This name should
describe the branch office in some way. If you have 70 branch offices
you’ll want to find the right one easily. In this example we will call
the branch office HelsinkiBranchOffice; for those who don’t know it,
Helsinki is the capital of Finland. Then enter the shared key.
The shared key is like a password that the main office and branch office
firewalls use when they communicate to recognize each other. Use
something you’ll remember in the future. I’ll use HelsinkiSK112005,
short for Helsinki Shared Key November 2005.

Picture 3

Clicking next brings us to the allowed resource and the DVCP
addressing. We now need to choose how much of our main network we will expose
to the branch office. We can add routes later if we see the need to.

In this example let’s assume we only want the branch office
to be able to access our servers and they are located in the 10.10.10.0/25
subnet. For clarity, this means a network with IP addresses from 10.10.10.1 to
10.10.10.126 and a subnet mask of 255.255.255.128.

After this we will enter the private network. The private
network is the network the clients in the branch office will be located in. We
use 192.168.0.0/26, which can hold a maximum of 62 hosts.
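
The two ranges entered in the wizard can be checked before they are typed in. The following is an added example, not part of the original article or of any Watchguard tool: it derives the host range and mask of each subnet and reports ranges that overlap, which matters once several branch offices share one DVCP server. The second branch, TampereBranchOffice, is a constructed value used only to show a conflict.

```python
import ipaddress
from itertools import combinations

def describe(cidr):
    """Return (first host, last host, netmask, usable hosts) for a /30 or larger subnet."""
    net = ipaddress.ip_network(cidr)  # strict parsing: 10.10.10.1/25 is rejected
    return (str(net.network_address + 1), str(net.broadcast_address - 1),
            str(net.netmask), net.num_addresses - 2)

def check_plan(main_resources, branches):
    """Return a list of problems in a main-office / branch-office address plan.

    main_resources: CIDR strings the main office exposes to the tunnels.
    branches: dict of client name -> private network CIDR behind that branch.
    """
    problems, nets = [], {}
    entries = list(branches.items()) + [("main:" + c, c) for c in main_resources]
    for name, cidr in entries:
        try:
            nets[name] = ipaddress.ip_network(cidr)
        except ValueError as exc:  # host bits set, bad prefix, malformed address
            problems.append(f"{name}: {exc}")
    # Any two ranges that share addresses make it ambiguous where traffic belongs.
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")
    return problems

# Values from the walkthrough above.
MAIN = ["10.10.10.0/25"]
BRANCHES = {"HelsinkiBranchOffice": "192.168.0.0/26"}

if __name__ == "__main__":
    for cidr in MAIN + list(BRANCHES.values()):
        print(cidr, describe(cidr))
    # Constructed second branch that reuses part of Helsinki's range.
    print(check_plan(MAIN, dict(BRANCHES, TampereBranchOffice="192.168.0.32/27")))
```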

Picture 4

Next is the tunnel protection configuration. For this
example we will use the highest levels this Firewall can supply and the default
key expiration kilobytes/times.

Picture 5

Believe it or not, that’s it. We are now done on the main
firewall. Click Finish and save the new policy.

Picture 6


2. Setting up the branch office firewall.

Next we need to tell the client firewall where to find its
settings. You can do this on site or by remote administration.

On the client firewall log in to the web front-end and
choose Managed VPN. In Managed VPN, mark Enable Managed VPN and set the
configuration mode to SOHO.

The DVCP server address is the external address of your main
office firewall; the client name and the shared key are the ones you entered
in the wizard earlier.

For this example the following is what we use.

Client name: HelsinkiBranchOffice

Shared key: HelsinkiSK112005

Picture 7

After that just hit submit and let the SOHO
reboot. You’re done and the tunnel should be open.


Secret Windows Project?

by on 22.Nov, 2005 under Uncategorized

For the past two years, Microsoft has been developing a second operating system!

Written from the ground up, Microsoft’s "Singularity" operating system
is written in C# and has stability as its main focus. There are no
immediate plans to market the still-in-development operating system as
of yet, but that could change down the road.

More Information: Microsoft-Watch.com


Understanding Groups on the Windows Server Platform

by on 21.Nov, 2005 under Uncategorized

This article deals with the concept of groups in Active Directory. Active Directory was first introduced by Microsoft in its server operating systems on Windows Server 2000 as a method of providing better organization for the users, groups, computers and other objects in the domain.

If you are new to the wonderful world of Information Technology, or at least to the Windows Server platform, groups as discussed in this article may be a foreign concept to you. Even if you have been working with Windows Server products in the past, you still may not know everything you think you know about groups; many things have changed over the years.

I started on Windows NT 4 server a few years ago and to me, a group was simply a logical grouping of users. Sure, that’s a simple way of looking at them. But in order to use groups to their fullest capacity, we need to understand the different types of groups, their scopes, and the options that are available to us. Read On!


Why Are Groups Needed?

Let’s say that you are a teacher. Which is easier: to refer to each of your pupils individually or simply refer to them as your class? You would say "Attention class" rather than "Johnny, Bobby, Sue, Jane… Listen up!", which would take too much time. Groups provide you with the ability to logically lump certain Active Directory objects, mainly users and computers, together to make things easier on the administration side of things.

Group Types

Have you ever heard the saying "there are 10 types of people in the world: those that understand binary and those that can’t"? Well, the same goes for groups: there are only two types, Distribution and Security.

Most of the time, you will create a Security group. In fact, this is the default group type when you create a group using the Active Directory Users and Computers interface. In order to set permissions based on a group, the group type must be Security. If you are coming into this article with a bit of NT4 experience, Security Groups were the only type available in those days.

Distribution groups are used primarily for email applications. An email sent to a group would be sent to each of the group’s members. This is also possible with a Security group, depending on the email application you are using.

Since Security Groups are the most commonly used type of group, we are going to focus only on Security Groups from here on in. Distribution groups may be covered in a later article.

Domain Functional Level (DFL)

What is Domain Functional Level and what does it have to do with groups? The Domain Functional Level is a new concept for Windows Server 2003. It is essentially a setting configured in Active Directory Users and Computers that is used to discern which Active Directory features will be available in your domain.

As ideal as it would be, very few organizations use the newest hardware and operating systems. Because of the possibility of having Domain Controllers running NT4, Windows 2000 and Windows Server 2003 operating systems in the same domain, compatibility is an issue. To ensure backwards compatibility, the DFL is used to disable the ability to use features that are not built into Active Directory on all of the server operating systems in your domain.

There are four Domain Functional Levels available. Listed below are the four levels as well as which operating systems may reside in a domain sporting that DFL.

DFL                          | NT4 Compatible | Windows 2000 | Windows Server 2003
Windows 2000 Mixed (Default) | Yes            | Yes          | Yes
Windows 2000 Native          | -              | Yes          | Yes
Windows 2003 Interim         | Yes            | -            | Yes
Windows Server 2003          | -              | -            | Yes

Table 1: Domain Functional Level Types

Think of the first DFL listed, Windows 2000 Mixed, as the most compatible. The Windows Server 2003 level is only available when the entire domain or forest is running Windows Server 2003 domain controllers, making it the least compatible.

A server cannot be set up as a Domain Controller if it does not meet the operating system requirements of the Domain Functional Level. Once the DFL is raised, it can’t be lowered. Plan wisely! Also note that the Domain Functional Level is only concerned with the operating systems installed on Domain Controllers; member servers don’t influence the DFL.

Knowing what effect the Domain Functional Level has on your domain is important when talking about groups because some of the features related to groups are enabled or disabled depending on the DFL. Some of the group-related features that different DFLs support are listed below.

Domain Feature   | Windows 2000 Mixed                                  | Windows 2000 Native          | Windows Server 2003
Universal Groups | Enabled for Distribution, Disabled for Security     | Enabled for both Group Types | Enabled for both Group Types
Group Nesting    | Enabled for Distribution, Disabled for Security [1] | Enabled                      | Enabled
Group Conversion | Disabled                                            | Enabled [2]                  | Enabled [2]

Table 2: Group-related features enabled by different DFLs

[1] Domain Local Groups may have Global Groups as members
[2] Groups can be converted between Distribution and Security types freely

Domain Functional Levels, as well as Forest Functional Levels, are a large topic and will not be discussed in their entirety. This may be the focus of a future article.

Group Scopes

The scope of a group defines the extent to which a group’s attributes apply in a domain. In other words, a Local group only applies on the local machine, but Global groups are recognized throughout the domain. The four types of Group Scopes are explained below.

Local Groups

Local Groups, also known as Machine Local Groups, are configured by default on all Windows 2000, XP and Server 2003 computers. A Local Group, as the name implies, is only functional machine-wide; permissions assigned to the group are only valid on the local machine.

By default, groups such as Administrators, Power Users, Backup Operators and Guests can be found on local machines in the Computer Management Console. When a server is promoted to the role of a Domain Controller, local groups are disabled. The remainder of this article will focus on the remaining group types.

Global Groups

Global groups are usually created to gather users or computers with a similar job function. You might want to put all of your users from the Sales department, for example, into a Sales Global Group. While you may only add computers or users to a Global Group from your own domain, permissions can be assigned to a Global Group for resources in any domain in your forest or trusted domains outside your forest.

Domain Local Groups

Domain Local Groups are usually created based on the resources they will be applied to. To understand how Domain Local Groups are used, let’s look at this example:

You have a Global Group named ‘Marketing’ containing all of the user accounts for your company’s marketing team. Members of the marketing group require access to a special color laser printer to print out promotional material and also to access the material created by your Graphic Design department. In order to do this, you can simply nest the Global Marketing Group inside the Domain Local Groups ‘Color Printer’ and ‘Promo Material’ that were created for each resource.

When a new employee is added to the marketing department, you can simply add the user to the Marketing Global Group and they will be given permissions automatically to the promotional material folder and color laser printer. This process is known as group nesting, which we will talk about shortly. If your Graphic Design department requires access to the color printer, you can add them to the Domain Local Group ‘Color Printer’ and they will be given the permissions granted to that printer from the ‘Color Printer’ group.


Figure 1: Nesting Global Groups inside Domain Local Groups

Universal Groups

Universal Groups can grant access to resources in any trusted domain in which the Domain Functional Level is set to Windows 2000 Native or Windows Server 2003. This is because Universal Groups are not supported by Domain Controllers running Windows NT4.

The best practice is to avoid adding users to a Universal Group. This may seem strange, but it all comes down to a concept called ‘Replication’. This is where Domain Controllers exchange Active Directory information between themselves. If you have a background with routers, this can be compared to ‘Convergence’. If a user is added to a Universal Group, all of its information must be sent to each Domain Controller. This can use unnecessary amounts of bandwidth during the replication process. You should add your users to a Global Group and then nest that group within a Universal Group. Then only information about the nested group must be replicated, saving bandwidth and reducing replication time. We’ll talk about group nesting next, so don’t worry if you are unfamiliar with the topic.

Group Nesting & Conversion

We may not realize it, but we are always ‘nesting groups’ in our everyday lives. Group nesting is a lot like categorizing. We start out with the broadest description and work our way down to the most accurate. For example, you may live in a city. Nested within that city is a neighborhood. Within that neighborhood are streets and within a street are blocks. As you can see, nesting is not a difficult concept. The difficulty comes when thinking about all of the rules that apply when nesting groups.

Rather than remembering which groups can be nested within others, it is easier to remember which groups can’t be nested.

Whether the reason is the restructuring of your domain or even just a mistake made at the time the group was created, you are able to convert existing groups to different group scopes. Some conditions do apply, however.

The following chart should help to explain what conversion and nesting capabilities are available for each type of group.

Group scope  | Domain Local | Global | Universal | Conversion
Domain Local | Same domain  | No     | No        | No to Global, Yes to Universal
Global       | Same domain  | Yes    | Yes       | Yes to Universal [1], No to Domain Local
Universal    | Yes          | No     | Yes       | Yes to Domain Local, No to Global [2]

Table 3: A quick snapshot of Group Nesting and Conversion

[1] Only if the Global Group is not nested within another Global group because Universal Groups cannot be nested inside Global Groups
[2] This is not possible only when there are nested Universal Groups because Universal Groups cannot be nested inside Global Groups
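
Nested groups decide who actually ends up with a resource's permissions, so it helps to expand them when reviewing access. The following is an added example, not from the original article: a small Python audit that flags nestings Table 3 marks "No" and lists the accounts that reach each Domain Local group, using the Marketing example from earlier. It assumes each table row is the group being nested, which matches the table's first footnote; the user names and the 'Graphic Design' group are constructed.

```python
# Constructed directory: group name -> (scope, members). Group names follow the
# article's Marketing example; "Graphic Design" and all user names are made up.
GROUPS = {
    "Marketing":      ("global",       ["anna", "ben"]),
    "Graphic Design": ("global",       ["carl"]),
    "Color Printer":  ("domain_local", ["Marketing", "Graphic Design"]),
    "Promo Material": ("domain_local", ["Marketing"]),
}

# (nested group scope, containing group scope) pairs marked "No" in Table 3,
# reading each row as the group being nested (assumption, see lead-in).
FORBIDDEN = {("domain_local", "global"), ("domain_local", "universal"),
             ("universal", "global")}

def nesting_violations(groups):
    """Return sorted (nested, container) pairs that break the Table 3 rules."""
    bad = []
    for container, (scope, members) in groups.items():
        for member in members:
            if member in groups and (groups[member][0], scope) in FORBIDDEN:
                bad.append((member, container))
    return sorted(bad)

def effective_users(groups, name, seen=None):
    """Expand nested groups into the accounts that inherit `name`'s permissions."""
    seen = set() if seen is None else seen
    if name in seen:           # already expanded, or circular nesting
        return set()
    seen.add(name)
    users = set()
    for member in groups[name][1]:
        if member in groups:
            users |= effective_users(groups, member, seen)
        else:
            users.add(member)  # anything that is not a known group is an account
    return users

def access_report(groups):
    """Map every Domain Local (resource) group to the accounts that reach it."""
    return {g: sorted(effective_users(groups, g))
            for g, (scope, _) in groups.items() if scope == "domain_local"}

if __name__ == "__main__":
    print(nesting_violations(GROUPS))
    print(access_report(GROUPS))
```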


20 years with Windows

by on 21.Nov, 2005 under Uncategorized

Our all time favorite OS / GUI celebrated its 20th birthday
yesterday. Microsoft published Windows 1.0 November 20th 1985. Some might say
the world has only gone downhill since that day, but whether you hate it or
like it you have to admit one thing, Windows has made the computer world what
it is today. I’ll let others argue if the influences have been good or bad.
