One of the things I needed to do at work was to give myself remote desktop capability to a terminal server on my networks for off-site administration.
To do this, I logged into my ASA 5505 and used the following commands:
access-list acl_out permit icmp any any
access-list acl_out permit tcp any interface outside eq 3389
global (outside) 1 interface
static (inside,outside) tcp interface 3389 Terminal-Server-IP 3389 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
On one of my devices, I couldn’t figure out why it wasn’t working, but it turned out that I had forgotten the last command which enables the access-list on the outside interface.
One important note here is that you should make sure the name “acl_out” is appropriate for your configuration. If you’re not sure, you can use “show access-list” to figure it out. Also, make sure you replace “Terminal-Server-IP” with the internal IP address of your server.
Oh, and this isn’t exclusive to Remote Desktop either… you can replace 3389 with any port needed (e.g. 80 for web or 110 for POP, etc.).
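A check for the two things that decide how the commands above behave: whether the access list is actually applied to the outside interface, and whether the forwarded port accepts connections from any source. This is an added example, not part of the original post; it only understands the command forms shown here, and the inside address 10.0.0.10 and the function name are assumptions.

```python
import re

# Constructed sample: the commands from the post, with an assumed inside
# address (10.0.0.10) in place of Terminal-Server-IP.
SAMPLE = """\
access-list acl_out permit icmp any any
access-list acl_out permit tcp any interface outside eq 3389
global (outside) 1 interface
static (inside,outside) tcp interface 3389 10.0.0.10 3389 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
"""

STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (tcp|udp) interface (\S+) (\S+) (\S+)")
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?permit (tcp|udp) "
                    r"(any|host \S+|\S+ \S+) interface (\S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")


def audit_forwards(config):
    """Return (proto, port, inside_ip, status) for every static port forward."""
    bound = {}     # interface name -> ACL applied inbound on it
    aces = []      # (acl, proto, source, interface, port)
    forwards = []  # (real_if, mapped_if, proto, port, real_ip, real_port)
    for ln in (raw.strip() for raw in config.splitlines()):
        if m := GROUP_RE.match(ln):
            bound[m.group(2)] = m.group(1)
        elif m := ACE_RE.match(ln):
            aces.append(m.groups())
        elif m := STATIC_RE.match(ln):
            forwards.append(m.groups())

    findings = []
    for _real_if, mapped_if, proto, port, real_ip, _real_port in forwards:
        # Permit entries aimed at this forwarded port on the mapped interface.
        matching = [a for a in aces
                    if a[1] == proto and a[3] == mapped_if and a[4] == port]
        # Only entries in the ACL bound by access-group take effect.
        applied = [a for a in matching if bound.get(mapped_if) == a[0]]
        if not matching:
            status = "no-permit-rule"
        elif not applied:
            status = "acl-not-applied"      # the forgotten last command
        elif any(a[2] == "any" for a in applied):
            status = "open-to-any"          # reachable from every source address
        else:
            status = "source-restricted"
        findings.append((proto, port, real_ip, status))
    return findings


if __name__ == "__main__":
    for finding in audit_forwards(SAMPLE):
        print(finding)
```

Ports are compared as written, so an entry that uses a service name instead of a number will not match a numeric forward.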
So, at the hospital and corporate offices, I wanted to setup our wireless access points to have both a “private” domain-connected link AND a “public” guest-access link for visitors. This way, contractors, vendors, clients, etc can bring their laptops in and get Internet access, and employees can connect to the server without intruding on each other.
Our firewall device is a Cisco ASA 5505, and since I have two Cisco Aironet AP’s, I have them connected to the ASA’s PoE switch and mounted in the ceilings at the office.
The AP’s are easy to configure… just configure the SSID’s to use the right VLAN’s that will be configured on your ASA. It’s the ASA that is tricky, because there’s a pretty hefty pre-requisite for it—you MUST be licensed for the Security Plus package in order to take advantage of trunking and multiple VLAN’s. You’ll also want it to have unlimited user licensing too.
In the example below, I use VLAN 1 (for my “outside” VLAN), 2 (for my “inside” VLAN), and 3 (for my “GUEST” VLAN). Once you have that decided on, Telnet or SSH to your ASA, login, and enter “enable” mode and “configure terminal” to get started, then type these in:
interface Vlan3
 nameif GUEST
 security-level 50
 ip address 192.168.1.1 255.255.255.0
interface Ethernet0/6
 description Trunk Port for Wireless AP
 switchport trunk allowed vlan 2,3
 switchport mode trunk
interface Ethernet0/7
 description Trunk Port for Wireless AP
 switchport trunk allowed vlan 2,3
 switchport mode trunk
dhcpd address 192.168.1.100-192.168.1.200 GUEST
dhcpd enable GUEST
nat (inside) 1 0.0.0.0 0.0.0.0
nat (GUEST) 1 192.168.1.0 255.255.255.0
The “interface Vlan3” section configures the GUEST VLAN, the two “interface Ethernet0/*” sections configure the two PoE ports on the ASA as trunk ports that will accept traffic from VLAN’s 2 and 3 (inside and guest), and the dhcpd commands enable DHCP on the Guest VLAN with a 192.168.1.100-200 IP range (101 clients, just in case the dalmatians want to use their laptops). If your AP’s are connected to switches rather than the ASA, you need to issue all of these commands (except the dhcpd commands) on the appropriate switches and switch ports as well.
Oh, and if you’re like me, you probably use ASDM more often than the command line… you can copy/paste the entire code segment above into the Tools > Command Line Interface > Multiple Commands option.
That’s it. Since the Guest VLAN has a security level of 50, it sits below your Inside VLAN (which is usually 100), and the ASA will automatically apply the appropriate default access rules between them (although any specialized needs will need to be done on your own).
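A pre-deployment check for the guest setup above, as an added example that is not part of the original post: it reads the interface stanzas, works out which interface may initiate connections to which under the ASA's default rule (higher security level to lower), and confirms that the DHCP pool sits inside the guest subnet and that no two interfaces share a subnet. The Vlan1 and Vlan2 stanzas, their addresses and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the GUEST stanza and dhcpd line come from the post; the
# Vlan1/Vlan2 stanzas and their addresses are assumed for illustration.
SAMPLE = """\
interface Vlan1
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
interface Vlan2
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
interface Vlan3
 nameif GUEST
 security-level 50
 ip address 192.168.1.1 255.255.255.0
dhcpd address 192.168.1.100-192.168.1.200 GUEST
"""

def parse_interfaces(config):
    """Return {nameif: {"level": int, "net": IPv4Network}} from interface stanzas."""
    zones, cur = {}, None
    for ln in (raw.strip() for raw in config.splitlines()):
        if ln.startswith("interface "):
            cur = {}
        elif cur is not None and (m := re.match(r"nameif (\S+)", ln)):
            zones[m.group(1)] = cur
        elif cur is not None and (m := re.match(r"security-level (\d+)", ln)):
            cur["level"] = int(m.group(1))
        elif cur is not None and (m := re.match(r"ip address (\S+) (\S+)", ln)):
            cur["net"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    return zones

def default_initiation(zones):
    """(src, dst) pairs src may initiate to with no ACL applied: higher level to lower."""
    return {(s, d) for s in zones for d in zones
            if s != d and zones[s]["level"] > zones[d]["level"]}

def dhcp_pool_problems(config, zones):
    """Names of interfaces whose dhcpd pool is not inside that interface's subnet."""
    problems = []
    for m in re.finditer(r"^dhcpd address (\S+)-(\S+) (\S+)$", config, re.M):
        lo, hi = ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))
        net = zones.get(m.group(3), {}).get("net")
        if net is None or lo not in net or hi not in net or lo > hi:
            problems.append(m.group(3))
    return problems

def overlapping_subnets(zones):
    """Pairs of interface names whose subnets overlap."""
    names = sorted(zones)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if zones[a]["net"].overlaps(zones[b]["net"])]
```

An access list bound to an interface with access-group replaces the default rule for traffic arriving on that interface, so a guest-side ACL needs its own review.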
So at work lately I’ve been getting all sorts of cool stuff because of our main office moving into a new building and our surgical center expanding into a full-fledged hospital.
At the main office, we purchased a couple Cisco Catalyst Express 500 switches to replace aging Intel and Cisco switches. Nothing fancy with these switches… just 24-port switches with 2 gigabit uplink ports, and 4 of the ports on one switch are Power-over-Ethernet (PoE) ports, so our two wireless access points don’t need big honking power bricks.
A quick note about this switch model… DO NOT ATTEMPT TO DO THE INITIAL CONFIGURATION FROM A WINDOWS VISTA / WINDOWS 7 / WINDOWS SERVER 2008 system… it most likely won’t work and will refuse to give you a valid “setup” connection. You must use a PC with Windows 2000 or Windows XP on it. I don’t really know why that is, and it’s pretty stupid, but there you have it. Once the initial configuration is done though, you can access the web config pages just fine using those versions. Here’s a partial shot of it sitting on my TV tray at home tonight:
At the hospital, I have been busy installing equipment into our new rack in the server closet. This includes two HP ProLiant DL380 G5 servers, a Tripp Lite KVM switch, and a Cisco Catalyst 3750G network switch. The servers were a piece of cake to setup since that’s what I do best, and the KVM just makes accessing those servers really easy, but the 3750G switch is another story. It’s going to take a lot of effort to revamp my network infrastructure over there, so next week is going to be very busy and involve a bunch of late nights. Here’s some shots of the equipment:
Of course, if you’re not paying attention, in a hurry, exhausted, living in Australia, and/or just plain stupid for a few minutes, this is what can happen:
Anyway, I definitely recommend any of this equipment to IT people needing good solutions.
One of the cooler features of Windows 7 from an end-user perspective is the level of customization available through the themes engine.
Customizing the appearance of Windows has been a long-time tradition for users extending back since the very early versions of Windows via window coloring and ranging all the way to the “Plus!” packs for Windows 95 and 98 that offered dozens of icon/sound/background/screensaver packages. Unfortunately, themes took a backseat though in Windows XP where there were only a handful of themes released by Microsoft, and it took 3rd party applications to hack DLL’s and settings to go further. In Vista, slightly more customization is available, but it’s still very limited, and still often requires 3rd party applications.
Windows 7 seems to be bringing themes back with a vengeance, however. You can still set your background images, screensaver selections, mouse cursor and sound selections and even window colors, but Windows 7 also allows you to save those themes as packages that can be redistributed to others. What’s more, you can select any number of background images and set them to rotate on a timer. After setting your theme the way you like it, you can save it as a complete package and send it off to your friends.
Windows Live Mesh is Microsoft’s new answer to file synchronization and remote desktop access… and potentially, a lot of other functionality as the service develops.
Mesh allows you to sync your data in multiple ways:
You can sync data directly from PC to PC (or even PC to PC to PC, etc).
You can sync data to the web using the Live Desktop, so that you have access to it from other computers through web access.
You can access your PC (or PC’s) through a web-based remote desktop client so that you’re able to work on your computer as if you’re sitting at the computer.
You can sync data to the web and share it with other users, and keep that data synchronized across those computers and users.
Confused yet? It’s a bit much to take in at first glance, but here’s how it works in the real world…
There really is more than one way to skin a cat, and when it comes to doing things on the computer, that is most certainly true. Most Windows users have at least heard of Remote Desktop for accessing their computers remotely, but what happens when you want to share your computer with other users for presentations or for assistance—especially when they’re not on your network?
Well, if you use the built-in Windows Messenger tool on XP there is a Remote Assistance option that worked but not very well and was never very widely known or used, so third-party tools have been released over the years like pcAnywhere, WebEx, GoToMeeting, Bomgar, and many many others. Even Microsoft has released LiveMeeting and recently they’ve released Live Mesh synchronization tools that also include a better version of Remote Desktop. Of course, except for Live Mesh (which still isn’t multi-user friendly), all of these third-party tools are expensive.
However, there is finally a tool from Microsoft that’s worth its weight in gold as a WebEx/GoToMeeting replacement, and it’s entirely free! The tool is Microsoft SharedView.
I’ve been using Firefox for a few years now since it reached version 1.5 while I was at Muskingum College. At first, I didn’t really like it that much, but as the college web manager I had to test all my page content in multiple browsers to make sure things looked right for everyone. In fact, it wasn’t until 2.0 was released that I finally made the switch to Firefox full-time from Internet Explorer.
For me, the biggest reason to switch is all the add-in extensions and themes you can get to make it look and work the way you do. Here’s a list of extensions that I use every day…
AdBlock Plus – AdBlock is my favorite tool, because as its name suggests, it blocks out all the advertising on web sites. When I go to a web site, I see it very clean without all the clutter of flashing ads demanding I click the monkey and whatever else is out there today. You can use their own suggested filter sets, or you can customize your own like I do. I also have sites that are excluded from my filtering, because I like the web site enough to allow the ads to make the site some money (Hooray jkOnTheRun and GottaBeMobile!).
Here’s a comparison shot with and without ads:
Feed Sidebar – Feed Sidebar is a convenient way of reading RSS News Feeds. I have 26 tech-oriented web sites that I depend on for news happening in the tech world and a handful of personal blogs that I read as well. Visiting each site on a daily basis takes forever, so RSS feeds allow me to get the headlines very quickly and then allow me to choose which articles/posts I want to read. Feed Sidebar allows me to bookmark the RSS feeds right inside the browser and then just click on the headline to open the page, and I don’t need 2-3 windows open to do it.
Foxmarks – Foxmarks is my second favorite tool, because it keeps my bookmarks and passwords synchronized across multiple computers. I have my server, laptop, tablet, and work laptop that I use all the time, so this allows all of my information to follow me around without any effort. The best part is being able to setup profiles so that my work laptop (for example) doesn’t get cluttered up with my personal stuff, but I still have access to the work bookmarks from home.
IETab – IETab is another personal favorite, because as a web guy, there are some sites that still behave better in Internet Explorer. Unfortunately, it’s a hassle to have to switch browsers all the time, so I depend on IETab to make it easier. Here’s how it works… I’m in Firefox and browse to a web site that depends on IE—let’s say the Windows Live Mesh web site, because it uses ActiveX controls. So I get there, and I right click on the page and say, “View in IETab” which makes the page reload itself (in Firefox) using the IE engine. I haven’t left Firefox, but I see it as it’s designed to look. Best of all, I can configure IETab to ALWAYS open certain pages in IETab mode, and I can even bookmark them in Firefox so that they sync to my other PCs.
Web Developer Toolbar – This is the only extension I use that isn’t used every day… at least, not any more, since I’m not actively doing a lot of web design work these days. This is a collection of tools and links that assist greatly in developing web pages. As the Muskingum web manager, I used it to examine all my CSS files to make sure my stylesheets were setup properly and also used the code markup validation tools to make sure the code I was writing was standards compliant and not just some mishmash of nonsense.
Office 2007 Black – This is the theme style that I use, because it matches the Windows XP Zune, Vista Aero Black, Windows 7 Slate, and Office 2007 Black themes really well. It’s dark, but it has easy-on-the-eyes contrasts so it’s not blinding you while you surf the web.
There are literally 100’s of themes and add-ons available for Firefox, some of them more useful than others. I prefer a minimalist approach and only install and use the ones that are truly useful to me. Internet Explorer has always had a lot of similar plugins, but they’ve never made it this easy to find them or manage them. One of the great things about Firefox is that if I don’t want an add-on anymore, I right click it in the list of add-ons and choose uninstall. Also, when there is a new version available, it prompts me to install it or not at my own convenience rather than just doing it behind the scenes.
If you’re not using Firefox, you should at least check it out and see if it fits your web surfing habits. If you do, check out these extensions or others while you’re at it.
In Windows 7, there is a new file organization option called "Libraries" that allows you to group files and folders in multiple locations together, but only symbolically, not literally, that way each file and folder stays where it belongs and you’re not moving them all over the place.
The simplest explanation of the libraries is that it acts more like the way a 5-subject notebook works or a REAL briefcase (not that pathetic attempt at synchronization Microsoft used to have).
The default libraries, while nice examples, aren’t very useful for teaching how they work, so let me paint a picture of how I work and use libraries…
As a system administrator, I’m constantly downloading and installing new programs to test for people to make sure I can either support them or know which apps to keep people away from. I use the default "Downloads" folder in my user profile to store all of those downloads long-term, and they’re organized into categories there.
However, the stuff I’m immediately working with or testing or haven’t yet tested gets stored to my desktop in a separate Downloads folder. After testing it out, I move it where it belongs if I intend to keep it.
Before libraries, I had to constantly browse to both locations, and it was a pain in the butt with several windows open to move stuff back and forth… certainly doable, but not convenient.
Now, I have a library that indexes BOTH Downloads folders, and when I want to re-organize things… no more multiple windows… here’s what it looks like:
Simple, yes? Well, there’s a big limitation in Beta 1… you can’t add removable storage to libraries (like flash drives, cameras, CD’s, network shares, etc). Hopefully they’ll change that by release, because I’d love to include my network server share in that library as well, along with a flash drive.
But like I said, it’s a lot like a 5-subject notebook… they may be related in some way — classes, or work, or projects, or whatever you call it — but they all have their unique locations and qualities that you choose to group at a given moment. But the neat part about this 5-subject notebook is that each section can make a guest appearance in multiple libraries… so my Downloads also appears in my "Documents" library, and my "Windows 7 Screenshots" also appears in my "Pictures" library, etc.
And now that I think of it… maybe that’s why it’s called a Library… since the same book can appear in multiple libraries.
Wow, what a great find by istartedsomething.com! The Windows 7 Problem Steps Recorder allows an IT professional and even the most basic end user to accurately and completely document an issue the user is having, and then email the report to the IT professional for analysis. This is definitely a tool I can’t wait to start using…
To get started, click the start button, click in the search bar, and type psr.exe then press Enter.
Next, click the "Start Record" button.
Then, record the exact process that you use to duplicate the problem… For example, if you are taking an action in Word that causes it to crash or generates an error, take those steps.
When you get to a point that it generates the error, you can use the PSR’s "Add Comment" button to make a note about what you’re trying to accomplish.
When you finish, click "Stop Record", and it will prompt you for a filename. Save this somewhere convenient like your Desktop or Documents folder.
Finally, click the down arrow next to the help button and choose Send to E-mail Recipient… this will open an email message so that you can send it to your tech support contact.
Seven. The number since ancient times and through many cultures and religions has meant perfection. Perhaps it’s fitting, then, that Microsoft has finally gotten things right with Windows 7.
I downloaded the beta version on Wednesday night, but due to work I just haven’t had time to mess with it until today. That said, it has been worth the wait, because my experience with it today has been nothing less than spectacular, and I am so pleased and impressed with the results that I have decided to adopt it as my primary operating system on a full time basis.
The blogging world has been rife with compliments and support for Windows 7, praising Microsoft for listening to customers and providing some much needed improvement and innovation, and well—I’m not gonna do any differently here. Maybe it’s because Vista was so horrible, so worthless, and so annoying for so many people (myself included) that truly anything would be an improvement. Maybe, though, it really is because Microsoft has taken some initiative and listened to the feedback on Vista and done their damnedest to get things right this time around.
I’m very, very picky about my operating systems. My first computer ran Windows 3.1 which was great for its time, but Windows 95 was my first beta experience, and it went remarkably well too. Windows 98 was alright, but not great and certainly buggy as hell, but they got things stabilized with 98 Second Edition. Still, Windows 98 just didn’t suit me very well, so I quickly jumped ship to the NT platform with the Beta 1 release of Windows 2000 sometime around December of 1998. Windows 2000 for me was perfect at the time. I loved it. Ran it on my desktop and my server until 2005 when I finally upgraded to XP SP2 on my desktop and Server 2003 SP1 on my server.
It should come as no surprise then that I absolutely hated Windows Millennium Edition (aka Moron Edition), and I really wasn’t too keen on Windows XP initially either. In fact, I swore off Windows XP until SP2 was released while I was at Muskingum College. It was only because of a need to push out SP2 to the campus that I finally broke down and tested the hell out of it and adopted it for full time use. Since then, I’ve tried every public release of Windows Vista and despite continual improvement, I’ve hated it since day one. Things just didn’t work very well, and they definitely weren’t usable to anyone other than a technological toddler. I still refuse to even consider using Vista on a regular basis and anything I can do to steer people away from it, well, all the better.
Windows 7, however, is another story. I’m sold on it. I’m truly convinced that this is the way Windows was meant to be. Click on to see why…