My little part of the Internet

Category: Windows (Page 2 of 2)

Controlling SSL Ciphers on Windows 2003/2008 Server

On Windows 2003/2008 servers running anything over SSL (i.e. HTTPS) via applications such as IIS, Terminal Services (SP1+) and ISA Server, other weak ciphers are still available on the server even if the application can set ‘Force 128bit encryption’.
To stop this:
1) Back up your registry, or at least export the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
2) Copy the text below into a text document and rename it with a .reg extension

Windows Registry Editor Version 5.00

; Disable the PCT 1.0 and SSL 2.0 protocols (client and server side)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000

; Disable the weak ciphers
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

3) Double-click the .reg file to run it and answer Yes to the dialog
4) Confirm the working ciphers. A good site is http://www.serversniff.net/content.php?do=ssl
Have fun
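
The check below is an added example, not part of the original post: it parses a regedit export of the SCHANNEL key (the export from step 1, taken again after step 3) and lists which entries from the .reg file above are still not set to Enabled=0. The function names and the sample export are constructed for illustration; a missing key or value is reported too, since it means the setting was never applied.

```python
import re

SCHANNEL = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL"
# Subkeys that the .reg file in this post sets to Enabled=0.
WEAK_SUBKEYS = [
    r"Protocols\PCT 1.0\Client", r"Protocols\PCT 1.0\Server",
    r"Protocols\SSL 2.0\Client", r"Protocols\SSL 2.0\Server",
    r"Ciphers\DES 56/56", r"Ciphers\RC2 40/128",
    r"Ciphers\RC4 40/128", r"Ciphers\RC4 56/128",
]

def parse_reg(text):
    """Parse regedit export text into {key_lower: {value_name_lower: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"([^"]+)"\s*=\s*(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2).strip()
    return keys

def still_enabled(text):
    """Return the weak subkeys whose Enabled value is missing or not dword 0."""
    keys = parse_reg(text)
    findings = []
    for sub in WEAK_SUBKEYS:
        raw = keys.get((SCHANNEL + "\\" + sub).lower(), {}).get("enabled")
        m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw or "")
        if not m or int(m.group(1), 16) != 0:
            findings.append(sub)
    return findings

def build_sample():
    """Constructed export: SSL 2.0 Server left enabled, RC4 56/128 key absent."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for sub in WEAK_SUBKEYS:
        if sub == r"Ciphers\RC4 56/128":
            continue
        value = "ffffffff" if sub == r"Protocols\SSL 2.0\Server" else "00000000"
        out += ["[%s\\%s]" % (SCHANNEL, sub), '"Enabled"=dword:%s' % value, ""]
    return "\n".join(out)

if __name__ == "__main__":
    for sub in still_enabled(build_sample()):
        print("not disabled:", sub)
```

Regedit writes Version 5.00 exports as UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing the text to `still_enabled`. A file whose value names carry curly quotes instead of straight ones parses as having no values at all, so every entry is reported.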

Making Bootable Windows CD/DVDs

Just a refresh and a quick note here…
Main things to do:

  1. Put all the files into a main folder
  2. Get a copy of the boot files (various places including http://www.tacktech.com/pub/microsoft/bootfiles/bootfiles.zip)
  3. Use Nero to burn a new Bootable DVD/CD
  4. When the dialog opens, set Bootable Disc Type: to No Emulation.
    Click the “>>Advanced” button, and set the Load Segment: to 0x000 and the Sector Count: to 4. Now click “Browse” where the dialog asks you to “locate the image file that contains the bootable image.”
  5. Follow the usual process to make the DVD, remembering to keep a copy of the ISO/NRG image 🙂

Good luck

Windows Automated Installations – What to call workstations

One of the big problems I have found when creating build systems for companies is what to call machines when they are being built.
A good idea used at a few companies I have worked at is to use the vendor serial number that is affixed and labelled all over the machines. On Dell machines it's called the ‘Service Tag Number’.
How to pipe that into installations is another story, but if you are doing simple cloning using Ghost, PQ or Altiris then this handy VBScript may come in useful. It extracts the Dell Tag number using WMI and then sets a SYSTEM environment variable called DellTag.
BTW – I’m not a hardcore coder so if anyone can make it better then please advise! Fragments were made using the excellent Microsoft Scriptomatic2 tool.
' DellSN.vbs

' Version 1.0 - Kevin Iddles, Yawns.com Limited

' Script to extract Dell Tag Number from BIOS using WMI
' Outputs Dell tag to screen and sets a SYSTEM environment variable accordingly.

' Call from CMD by using --  cscript //NoLogo DellSn.vbs
' Obviously will need to open a new session to pick up the setting

'On Error Resume Next
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20

Dim strSN
' Start Get the Dell Asset number from BIOS
   Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2")
   Set colItems = objWMIService.ExecQuery("SELECT SerialNumber FROM Win32_BIOS", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)

   For Each objItem In colItems
      WScript.Echo objItem.SerialNumber
      strSN = objItem.SerialNumber
   Next

' Debug - Echo results set in var
' WScript.Echo strSN

' Start Set Env

' This gets set as a SYSTEM variable - user must be a local administrator for correct permissions
  Set EnvClass = GetObject("WinMgmts:\\.\root\cimv2:Win32_Environment")
  ' Make a new instance of that class
  Set EnvVarInst = EnvClass.SpawnInstance_
  ' Fill in the key props and props of interest on that instance
  EnvVarInst.UserName = "<SYSTEM>"
  EnvVarInst.Name = "DellTag"
  EnvVarInst.VariableValue = strSN
  ' Write the new instance in to WMI
  EnvVarInst.Put_
' End Set Env
