Archive for the 'Windows Vista' Category

IPCop 1.4.15 with PPTPd would not run because of libpcap link

I fought with this one for a while, like several hours. I installed the pptp addon for IPCop, which, by the way, you must Google for. I installed version 0.2.9 (pptpd_0.2.9.tar.gz) and found that on a forum somewhere. If you go to the addons from IPCop, you will only find 0.2.6, and that won’t work with 1.4.13 or higher. (I might have that version a bit off, but I think that’s right.) So Google for that file and you should find the file and ftp server IP. I don’t want to provide that, because I don’t have permission to do so.

Anyway, back to the problem. The pptp addon installed just fine on IPCop, and the admin web gui showed the correct items. I could not, however, get Windows to connect. I always got a 619 error, like that is helpful! On the IPCop /var/log/messages, I found this:
pptpd[5740]: GRE: read(fd=5,buffer=804dc00,len=8196) from PTY failed: status = -1 error = Input/output error

You can see the details on the pptpclient help page:

http://pptpclient.sourceforge.net/howto-diagnosis.phtml#read_eproto

 

I didn’t know how to do their troubleshooting, especially on IPCop. But then it occurred to me, find pppd, and ask it for help!

I ran this: /opt/pptp/sbin/pppd --help
Returned: /opt/pptp/sbin/pppd: error while loading shared libraries: libpcap.so.0.8.3: cannot open shared object file: No such file or directory

Ah-HA!!!

Run this on IPCop 1.4.15 while in the /usr/lib directory: ln -s libpcap.so.0.9.5 libpcap.so.0.8.3

BINGO! Windows can connect! From Vista no less!

Oh, and I know that PPTP is not the best as far as security goes, but it is the only thing I can use. I am running several Wifi Palm devices with a PPTP client on them for Hotsyncing on the Internet. I realize there is another product available that uses IPSec, but that is quite expensive per device. Plus that solution might run into a lot more hassle for the users while on the road trying to connect over hotspots, because IPSec may be blocked. PPTP is just more compatible. I’d really prefer to have an SSL based VPN on the Palm, but I don’t know of one available. So, for now, I’ll at least suffer with PPTP instead of opening my hotsync up to the world. Not perfect, but I can lock down the connection with IPCop too. (sounds like another blog… :) )

Disable the MSTSC RDP Credentials prompt

MSTSC V6, both in XP and Vista, now asks for credentials EVERY TIME you connect! I want the server to ask, not the client! Add this line to the Default.rdp file located in your My Documents folder.

enablecredsspsupport:i:0

Also:

authentication level:i:0

You may need to save as another name, then rename the Default.rdp and replace the file.

=========================

Below are the default.rdp contents as set above

=========================

screen mode id:i:2

desktopwidth:i:1024

desktopheight:i:768

session bpp:i:32

winposstr:s:2,3,0,0,800,600

full address:s:venus

compression:i:1

keyboardhook:i:2

audiomode:i:1

redirectprinters:i:0

redirectcomports:i:0

redirectsmartcards:i:1

redirectclipboard:i:1

redirectposdevices:i:0

displayconnectionbar:i:1

autoreconnection enabled:i:1

authentication level:i:0

prompt for credentials:i:0

negotiate security layer:i:1

remoteapplicationmode:i:0

alternate shell:s:

shell working directory:s:

disable wallpaper:i:1

disable full window drag:i:0

allow desktop composition:i:1

allow font smoothing:i:1

disable menu anims:i:0

disable themes:i:0

disable cursor setting:i:0

bitmapcachepersistenable:i:1

gatewayhostname:s:

gatewayusagemethod:i:0

gatewaycredentialssource:i:4

gatewayprofileusagemethod:i:0

drivestoredirect:s:

enablecredsspsupport:i:0
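
An added example (not from the original post): a small Python check that parses .rdp content and reports the two settings above that turn off CredSSP and the server-authentication warning. The function names and the sample bytes are constructed here; the setting meanings follow Microsoft's documented RDP file settings, and treating a repeated setting as "last one wins" is an assumption.

```python
import codecs

# The two values set in the post above, with what each one does.
WEAK = {
    ("enablecredsspsupport", "0"):
        "CredSSP disabled, so Network Level Authentication is not used",
    ("authentication level", "0"):
        "connects without warning when server authentication fails",
}

def decode_rdp(raw: bytes) -> str:
    """mstsc often saves .rdp files as UTF-16 with a BOM; otherwise try UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")

def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines; the value may itself contain colons."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # blank or malformed line
        name, _type, value = parts
        settings[name.lower()] = value  # assumption: last occurrence wins
    return settings

def audit_rdp(raw: bytes) -> list:
    """Return one finding per weakened setting present in the file bytes."""
    settings = parse_rdp(decode_rdp(raw))
    return [f"{name}:i:{bad} - {why}"
            for (name, bad), why in WEAK.items()
            if settings.get(name) == bad]

# Constructed sample: a few lines from the file listed above, UTF-16 encoded.
SAMPLE = ("full address:s:venus\r\n"
          "authentication level:i:0\r\n"
          "prompt for credentials:i:0\r\n"
          "enablecredsspsupport:i:0\r\n").encode("utf-16")

if __name__ == "__main__":
    for finding in audit_rdp(SAMPLE):
        print(finding)
```
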

Things I do not like about EFS and a better solution called Truecrypt

I am not an expert on these things (encryption), but I have done some reading and found some issues with Encrypted File System I don’t like. I may not describe the issues correctly, so this is just my opinion more than anything.

1. In Windows 2000, don’t even bother. It can be bypassed with their recovery agent or administrator. So if you lose your laptop, the data can be accessed.

2. In XP, it is better and more secure. I think there is no data recovery agent, but I think a local administrator account on a non-domain install of XP will still have the private keys.

3. The private keys are on that hard drive!

4. You still see all the files. The file names are all viewable, and that may be a security risk for some companies. It’s better than nothing, but I don’t like that too much.

5. You can’t encrypt the whole system. Or a whole partition for that matter. You must encrypt a folder, and at that, only the files in that folder are encrypted.

6. Here’s the one I like least… with EFS, when you open a file, it is decrypted to a tmp file. This file is deleted once you finish with it, but as you know, files are not “wiped” from the drive when they delete, they just remove the pointer to it. So unless data is overwritten in that place of the drive, that data is accessible to anyone. If you had a spreadsheet with SSN’s or credit card numbers, and you just happen to lose your system to someone who knows what to do with it, you got a big problem!!

7. There’s more, I just can’t think of them.

Anyway, after doing some reading… I found that Bitlocker in Vista will be a very nice solution. But you have to buy Enterprise or Ultimate versions of Vista to get it. Bitlocker can encrypt the entire OS partition. Now that is nice! That is exactly what we wanted! And if you set it up correctly, using a key or PIN at boot, it will make an extremely secure setup. One drawback, you can only encrypt the partition the OS is on, not other partitions. You’ll need to use normal EFS for them.

That’s nice, but I have Vista Business. And I don’t want to spend more money right now. Plus, on my main system and pretty much all my clients, they have 2000 and XP. Guess what I found to get me by? TrueCrypt. www.truecrypt.org. Nice product!! And it’s open-source and free!!!!

With TrueCrypt, you can password protect an entire partition with AES 256-bit encryption. You can use multiple ciphers and even key based access using a USB drive. (Bitlocker can do the USB drive thing too!) It’s a tiny program running in the systray. And in my case, I am just running a password authentication and 256bit AES on a separate partition, so my performance is pretty good too, though not as fast without encryption. Now, with XP I will be making redirections to My Documents to that private drive, and saving all my “work-in-progress” there. That, to me, operates reasonably, and pretty darn secure. I could do more to secure it, like use a key file on my usb key drive. Then you cannot get into any of my private data without the key drive inserted! But I need to test that first.

TrueCrypt can also create a virtual drive from a file. That might be handy, but performance is just a little slower that way. It cannot encrypt your OS partition though, which is a drag, but at least I can encrypt a separate partition and you cannot see the file system structure. It has a lot of neat features. Definitely worth trying if you want to lock down things.

Vista help and support will not open but I found a fix.

In Windows Vista (mine is Business version) my Help and Support would not open. It said something like:

“internet explorer cannot download from / help”

For some reason, Dreamweaver 8 install messed this up. The fix was to tweak the file type association. I just did a simple registry update, but there might be other ways.

In the registry I had this:

[HKEY_CLASSES_ROOT\.xml]

@="xmlfile"

"Content Type"="application/x-xml"

"PerceivedType"="text"

Under the HKCR\.xml key, I had a Content Type of “application/x-xml” set. I updated that to “text/xml”.

So the final fix should look like this:

[HKEY_CLASSES_ROOT\.xml]

@="xmlfile"

"Content Type"="text/xml"

"PerceivedType"="text"

And my Help and Support started to work!