Author: allen

Build a USB Stick for Windows Installation

~ allen ~ Leave a comment

After the ISO file of Windows installation disc downloaded, it’s possible to build a USB stick instead of burning a DVD disc.

To do that, you need a USB stick not less than 8GB as well as a working Windows. During the process, all data on this USB stick will be removed.

 

Phase 1: Preparing the USB stick

  1. From Windows client, run DiskPart as administrator. A console will be shown with the prompt “DISKPART> ” (without quotes, the same below).
  2. Enter “list disk” and press Enter. All disks will be shown with a number.
  3. Enter “select disk x” and press Enter. Replacing x with the number of disk shown in the step 2. If you run the step 2 again, you can see a star before the disk you selected.
  4. Enter “clean” and press Enter to clean the drive.
  5. Enter “create partition primary” and press Enter to create a partition filled this drive.
  6. Enter “format fs=fat32 quick” and press Enter to format this partition quickly with FAT32.
  7. Enter “active” and press Enter to mark this partition as active.
  8. Enter “assign” and press Enter to assign a letter to this drive.
  9. Enter “exit” and press Enter to quit DiskPart.

 

Phase 2: Copy files into this drive.

You just need to copy all files within the ISO file into this drive, making the root of this drive the same as the ISO file system. Do not put these files into any sub folder.

 

Phase 3: Optional, only if the Install.wim larger than 4GB.

If Install.wim is larger than 4GB, you cannot put it into this drive because no file larger than 4GB can be put into a FAT32 based partition beyond the limitation. You have to split it into smaller files. All other files should be copied as described in Phase 2.

To do that, you need to run this command:

DISM /Split-Image /ImageFile:d:\sources\install.wim /SWMFile:e:\sources\install.swm /FileSize:4096

It will split the install.wim from drive D into the USB stick drive E. Change these paths in your case.

 

Now you can use this USB stick to boot your computer and start the installation process like from the disc.

The sad thing is if you had to prepared this stick through Phase 3, the installation will be slower due to merging process, but nothing will be different in your installed system.

Increase WSUS downloading speed

~ allen ~ Leave a comment

The downloading of updates in Windows Server Update Services (WSUS) is based on Background Intelligent Transfer Service (BITS). BITS is designed to download big files using idle bandwidth only. If you need to speed up the downloading process, you may change it to use a foreground mode.

 

To do that, you need a SQL Management Studio to connect the database used by WSUS. The database name is SUSDB. You can run this command in that database specified:

update susdb.dbo.tbConfigurationC set BitsDownloadPriorityForeground=1

For reversion, run it again with replacing the 1 to 0.

 

极路由绑定迅雷远程下载的另类方法

~ allen ~ Leave a comment

极路由可以通过安装云插件,成为一个迅雷远程下载的客户端。

但在绑定的过程中,由于极路由当前的设计思路,偶尔会出现无法正常绑定的情况。表现为在管理界面中显示出空白页,甚至直接显示出极路由公司首页。这些都导致无法将此路由绑定到迅雷。

如果碰到此类问题,可以通过这种方法绕开系统默认的绑定机制:

  1. 在内网的任何一台电脑上访问http://4006024680.com:9000/getsysinfo。如果你已经知道路由器的IP(默认为192.168.199.1),而且你的DNS未设置为默认,也可以直接使用路由器的IP地址代替4006024680.com的部分。浏览器会返回一行文字,其中一个引号中包括了6位英文和数字的组合。将其复制下,不包括引号。
  2. 访问迅雷远程下载网站http://yuancheng.xunlei.com。左侧上方找到添加按钮,输入复制的文字即可完成绑定。
  3. 之后就可以直接使用迅雷客户端或者迅雷的远程下载网站来分配任务了。并不需要在路由器中再进行绑定的操作。

Mixed Windows Authentication in IIS 8.5 (ASP.Net)

~ allen ~ Leave a comment

Update:

Actually, this not works. It looks OK because of the cache of client. There is no way to do this as I know.

Original:

 

I got a case recently to build a site in IIS 8.5:

  • When the visitor is logged on to the desktop with domain account, use this account for this website.
  • When the visitor is not using domain account, do not pop up a login window asking for domain account, redirecting to a version for anonymous instead.

I thought it’s simple in IIS setting but I was wrong. The anonymous cannot work parallelly with Windows authentication.

After some digging in Google, I started my test:

  1. Deploy the site by using anonymous authentication.
  2. Select the login page for detecting domain user and change that page to Windows authentication instead of anonymous model.
  3. Add a custom page for this page on error 401. Model is set to “Execute a URL on this site”.

It works good but…

When the login page opened, it should contain a Url as parameter for returning back to the original page. So I have to deal it in the customized 401 page. I turned that page to an ashx with the command context.Response.Redirect. The URL for returning can be cut from context.Request.RawUrl.

After that, it went wrong. Form the same server which has the IIS installed, it still works well. But when I try this page on another computer, it will always redirect to the anonymous version page no matter it’s from the desktop logged with domain account or not. I’m sure that the site is added as Intranet zone and automatically logon is set in this zone.

Checked by network monitor, the browser will not get the 401 response in this scenario. As the ashx file request, only the 302 code is returned. That’s the reason why the browser won’t be notified to logon with the current user.

The solution is: if you want to use ashx with redirect function as a customized 401 page still, do not use context.Response.Redirect. Instead, try to do that with an HTML function with the 401 code in HTTP response.

context.Response.Status = "401 Unauthorized";
context.Response.StatusCode = 401;
context.Response.ContentType = "text/html";
context.Response.Write(@"<html>
<head>
<title>Redirecting</title>
<meta http-equiv=""refresh"" content=""0; url=" + redirectUrl + @""" />
");

It works like a charm.

I guess (yes, guess) when the browser get a 401 response first time, it will retry to the previous submitting/navigation with the domain account for login. If it’s failed again, it will pop up a login window after the html page is displayed. So as I required in HTML code, after it navigate to another page, the browser has no chance to display the login window. That’s the deal.

All I’m sure is it really works well. Hope it useful to you.

A way to run nearly all functions of dotNet from SQL Server

~ allen ~ Leave a comment

Last night, I got a case to write a function in SQL Server 2005 to support the user account and password check against Active Directory. The user requirement is quite clear:

  • Create a scalar-valued function named LDAPUserCheck;
  • Parameter @username nvarchar(MAX) for user name to check;
  • Parameter @password nvarchar(MAX) for password matching the username specified;
  • Return bit 1 if succeeded, or 0 for all other reasons.

After a digging, I found that LDAP password authentication is not supported directly by SQL Server. But SQLCLR is a way to build the native dotnet program into SQL Server. In a new created SQLCLR project in VS 2005, I realized it’s unable to add the reference System.DirectoryServices.AccountManagement, which is required by running the code for Active Directory authentication. But a Web Service is a choice.

My steps to achieve that:

1 Create and deploy a Web Service for the authentication check.

1.1 Create a Web Service project.

1.2 Add System.DirectoryServices.AccountManagement as a reference.

1.3 Add a setting DomainName as string for storing the domain name.

1.4 Add a service like this:

    public class LDAPAuthentication : System.Web.Services.WebService
    {
        static string domainName = Settings.Default.DomainName;

        [WebMethod]
        public bool Check(string userName, string password)
        {
            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domainName))
            {
                // validate the credentials
                bool isValid = pc.ValidateCredentials(userName, password);
                return isValid;
            }
        }
    }

1.5 Deploy this service and use a application pool running by a domain user. This user should be added to IIS_WPG group in Windows Server 2003.

2 Create a SQLCLR project to call the Web Service.

2.1 Create a SQLCLR project in Visual Studio 2005.

2.2 Add a Web Service reference. It’s named as LDAP in my project.

2.3 Add a User Defined Functions.

    [Microsoft.SqlServer.Server.SqlFunction]
    public static SqlBoolean LDAPUserCheck(
        SqlString username, SqlString password)
    {
        using (LDAPAuthentication.LDAP.LDAPAuthentication service = new LDAPAuthentication.LDAP.LDAPAuthentication())
        {
            if (service.Check(username.ToString(), password.ToString()))
            {
                return SqlBoolean.True;
            }
            else
            {
                return SqlBoolean.False;
            }
        }
    }

2.4 Set Permission Level to External in Database page of project setting.

2.5 Build this project to get the dll files. In my case, these files are named LDAPAuthentication.dll and LDAPAuthentication.XmlSerializers.dll.

3 Deploy this project into SQL Server 2005.

3.1 Enable the CLR support in SQL Server 2005 by running this code:

sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO

sp_configure 'clr enabled', 1;
GO
RECONFIGURE;
GO

sp_configure 'show advanced options', 0;
GO
RECONFIGURE;
GO

3.2 Create a database for storing this function. Or, you can use any existed database as well. In my case, I created a database “tester”.

3.3 Set trustworthy on this database by running:

ALTER DATABASE [tester] SET trustworthy ON

3.4 Copy the 2 dll files created in step 2 to this server. In my case, these are stored in C:\SQLCLR folder.

3.5 Create assemblies in SQL Server by running:

create assembly [LDAPAuthentication] from 'C:\SQLCLR\LDAPAuthentication.dll' with permission_set = external_access
create assembly [LDAPAuthentication.XmlSerializers] from 'C:\SQLCLR\LDAPAuthentication.XmlSerializers.dll' with permission_set = external_access

3.6 Create function to run the method we’ve created in VS 2005:

CREATE FUNCTION [dbo].[LDAPUserCheck](@username [nvarchar](4000), @password [nvarchar](4000))
RETURNS [bit] WITH EXECUTE AS CALLER
AS 
EXTERNAL NAME [LDAPAuthentication].[UserDefinedFunctions].[LDAPUserCheck]

Now everything is done. You can call this function like all others created by SQL. Run this for test.

select dbo.LDAPUserCheck('myusername','mypassword')

 

Testing ZeroShell in enterprise

~ allen ~ Leave a comment

Hi.

ZeroShell 3 is launched recently, including many new features. I was a fan of this router software for several years and it works like a charm in my Net5501. Now I’m trying to introduce it to the company which I work for.

I deploy this software twice in my company. One is for a virtualization desktops, powered by QoS. This is quite necessary for a network which contains more than 100 clients for internet accessing.

Another one is for all mobiles and pads, powered by Captive Portal. But this function doesn’t work like predicted. Mobiles which joined this network by AP will not pop up a login page automatically. In some restaurants and hotels, after a device joined a network, a web page will be pop up automatically for login, but this function is still missing in this release of ZeroShell.

One more defect is about DHCP server. User defined options are not supported yet.

 

Reset LaunchPad in OSX Yosemite

~ allen ~ Leave a comment

In OSX Yosemite, the way for resetting LaunchPad has been changed.

New command is:
defaults write com.apple.dock ResetLaunchPad -bool true; killall Dock

Warning: By resetting LaunchPad, all settings related to LaunchPad will be removed like position of icons and groups.