Bienvenido! - Willkommen! - Welcome!

Tux&Cía. Technical Blog, Santa Cruz de la Sierra, BO
Main Blog: Tux&Cía.
Advanced Information Blog: Tux&Cía.-Información
May the source be with you!

Wednesday, January 25, 2012

How to Make a Linux Powered Coffee Roaster

Source
watch the video, here’s the direct link.

Many coffee drinkers find that coffee tastes much better when roasted at home, but many of them discover that an actual coffee roasting machine is out of their budget.
One gentleman, Andrew Tridgell, wanted to put his own twist on the ‘Corretto’ roaster. For his coffee roaster, however, he wanted to use a computer to control the required power. His solution involved a Linux laptop and a lot of intelligence to make his own coffee roaster.
The Setup
Required: A Corretto roaster, a thermocouple, and a Linux powered laptop.
The Corretto roaster consists of a bread machine and a heat gun. The bread maker is the best choice for a coffee roaster for two very important reasons: a built-in stirrer (metal is the better choice, since it won’t melt) and the ability to hold a high amount of heat. A heat gun is used because it can reach the proper temperature for roasting the beans (which is 210 degrees). Tridgell added a Linux laptop (can’t go wrong with penguin-powered coffee!) and a thermocouple to help control the temperature. For your information, the original Corretto roaster used the sound of the beans cracking (about 2-4 sets of cracks) to tell when the beans were properly roasted.
The Procedure

VBoxHeadless

Source
Running Virtual Machines With VirtualBox 4.1 On A Headless Ubuntu 11.10 Server
This guide explains how you can run virtual machines with VirtualBox 4.1 on a headless Ubuntu 11.10 server. Normally you use the VirtualBox GUI to manage your virtual machines, but a server does not have a desktop environment. Fortunately, VirtualBox comes with a tool called VBoxHeadless that allows you to connect to the virtual machines over a remote desktop connection, so there's no need for the VirtualBox GUI.
[...]
Now we must add the user that will run VirtualBox (administrator in this example) to the vboxusers group:
sudo adduser administrator vboxusers
VirtualBox is now installed and ready to be used.
3 Using VirtualBox On The Command Line
3.1 Creating A VM
To create a VM on the command line, we can use the VBoxManage command. See
VBoxManage --help
for a list of available switches and (highly recommended!) take a look at http://www.virtualbox.org/manual/ch08.html.
I will now create an Ubuntu 11.10 Server VM with 512MB memory and a 10GB hard drive from the Ubuntu 11.10 Server iso image (which I have stored in /home/ubuntu-11.10-server-amd64.iso):
VBoxManage createvm --name "Ubuntu 11.10 Server" --register
VBoxManage modifyvm "Ubuntu 11.10 Server" --memory 512 --acpi on --boot1 dvd --nic1 bridged --bridgeadapter1 eth0
VBoxManage createhd --filename Ubuntu_11_10_Server.vdi --size 10000
VBoxManage storagectl "Ubuntu 11.10 Server" --name "IDE Controller" --add ide
VBoxManage storageattach "Ubuntu 11.10 Server" --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium Ubuntu_11_10_Server.vdi
VBoxManage storageattach "Ubuntu 11.10 Server" --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium /home/ubuntu-11.10-server-amd64.iso
3.2 Importing An Existing VM
Let's assume you have a VM called examplevm that you want to reuse on this host. On the old host, you should have a directory Machines/examplevm in the VirtualBox directory; Machines/examplevm should contain the examplevm.xml file. Copy the examplevm directory (including the examplevm.xml file) to your new Machines directory (if your user name is administrator, this is /home/administrator/.VirtualBox/Machines - the result should be /home/administrator/.VirtualBox/Machines/examplevm/examplevm.xml). In addition to that copy the examplevm.vdi file from the old VDI directory to the new one (e.g. /home/administrator/.VirtualBox/VDI/examplevm.vdi).
Afterwards, you must register the imported VM:
VBoxManage registervm Machines/examplevm/examplevm.xml
3.3 Starting A VM With VBoxHeadless
Regardless of whether you create a new VM or import an old one, you can start it with the command:
VBoxHeadless --startvm "Ubuntu 11.10 Server"
(Replace Ubuntu 11.10 Server with the name of your VM.)
VBoxHeadless will start the VM and a VRDP (VirtualBox Remote Desktop Protocol) server which allows you to see the VM's output remotely on another machine.
To stop a VM, run
VBoxManage controlvm "Ubuntu 11.10 Server" poweroff
To pause a VM, run
VBoxManage controlvm "Ubuntu 11.10 Server" pause
To reset a VM, run
VBoxManage controlvm "Ubuntu 11.10 Server" reset
To learn more about VBoxHeadless, take a look at
VBoxHeadless --help
and at http://www.virtualbox.org/manual/ch07.html#vboxheadless

Ubuntu variants

Source
The Ubuntu Linux-based operating system (OS) has spawned a number of official and non-official variants that generally differ from the main Ubuntu release in one or two small, but very specific, ways.  Some of the more prominent Ubuntu variants include
  • Kubuntu: Ubuntu with KDE as the graphical desktop instead of Gnome
  • Macbuntu: Ubuntu with a Mac OS X-inspired desktop shell
  • Lubuntu: Ubuntu with the LXDE desktop instead of Gnome
  • Xubuntu: Ubuntu with the Xfce desktop instead of Gnome
  • Mythbuntu: a Xubuntu-based, Xfce4 desktop OS variant with MythTV installed
  • Edubuntu: an education-focused variant of Ubuntu
  • Ubuntu Studio: a multimedia-focused variant of Ubuntu

Monday, January 23, 2012

DSL tune up

Source
You can now store your measurement results long-term and even measure mobile connections, for example from a mobile phone. In addition, new, more powerful test servers provide even more reliable readings.
Create personal DSL statistics
Short-term fluctuations in DSL speed are normal. With long-term measurements you can prove beyond doubt that your connection is too slow not just occasionally but in general. From now on, registered users can have all measurements saved and shown in a personal overview.
» More information on creating personal statistics
Determine the DSL provider's speed exactly
The extended DSL speed test now measures the speed that the provider assigns to your line directly at the router. After a one-time installation of additional software, the extended DSL speed test works exactly like the normal one.
Caution: This measurement does not work with all router models.
» More information on the extended DSL speed test
» Download: program for the extended DSL speed test
The extended speed test is not suitable for Internet connections over TV cable or for DSL connections without a router. In those cases only the normal DSL speed test from COMPUTER BILD works.
Measure mobile Internet connections
You can now also measure the performance of your mobile Internet access, for example UMTS access from a notebook or Internet connections from a mobile phone. Simply open the speed test from your phone or another mobile connection, select the matching tariff, and then run the measurement as usual.
» More information on measuring mobile connections
Measure fast VDSL and cable connections
The technical capabilities of the test servers have been expanded so that very fast connections (cable, VDSL) can now be measured exactly up to a speed of 70,000 kilobits per second.
The ping test does not work for me
To run the ping test, you should disable your firewall for the duration of the test. If you have concerns about disabling the firewall completely, you can alternatively enable only the function "ICMP / Allow incoming echo request". You will find this option in the "advanced settings" of your Windows Firewall.
If you have a DSL (WLAN) router, the ping may be blocked there as well. Check your router's manual to see how to temporarily disable this block.
» Top tips for DSL optimization
The main reasons for a slow Internet connection
You probably know this: you have ordered a fast DSL line, but the speed leaves something to be desired! This problem is not uncommon. Two causes can be responsible for the dilemma:
  1. The provider problem: less DSL than promised
    Some providers promise the top speed of a sports car but actually deliver only the performance of a compact car. For example, they offer DSL 16000 but guarantee only a speed of 7,000 kilobits per second (kbit/s). Not without reason, the fine print then says "up to 16,000 kbit/s".
  2. The home problem: wrong hardware and wrong settings
    The DSL providers are not always to blame for the trouble. Even with fault-free Internet lines, broadband connections can be sluggish. The possible causes then lie with you, in your own equipment at home. Incorrectly configured network cards, old routers, unsuitable WLAN equipment and poor reception conditions that interfere with the WLAN radio network are typical DSL brakes. Quick help: repositioning the WLAN router, PC or notebook often yields more performance. Incorrectly configured network cards are optimized by the utility TCP Optimizer.
What else you can do is covered in the picture gallery:
10 top tips for increasing DSL speed.
Connect your DSL optimally
Many apartments or houses have several conventional TAE telephone sockets. Connecting to extended secondary TAE sockets can lead to a loss of speed.
Tip 1
Connect the first DSL device, i.e. the splitter, to the first TAE telephone socket in the apartment or house if possible.
Configure your network card with TCP Optimizer

The network card in the desktop PC or notebook must be set optimally. As a rule, it is. If not, TCP Optimizer sets the ideal values for your DSL line.
Use the utility TCP Optimizer to configure your network or WLAN card optimally for the DSL line.
» TCP Optimizer: set the network card optimally for DSL
Assign a new WLAN channel on the router
Do you use a WLAN router? Then neighbouring WLAN radio networks may be impairing the performance of your WLAN, especially in a densely populated city.
Change the WLAN radio channel. Routers are often preset to the same channels. You can check which channels the devices in your neighbourhood use with the software NetStumbler. Choose a channel that is as far as possible from the most heavily used channels.
» Download: download the free program NetStumbler


Sunday, January 22, 2012

NTLM versions and network compatibilities

Source http://www.sevenforums.com/network-sharing/5369-networking-file-share-between-windows-7-windows-xp.html SourceB  
Trying to share files between my three machines (there are actually non-Windows machines as well using SMB share).
They all work with each other except "Windows 7" is misbehaving.
Everyone is prompted for a password to browse the 7 machine, and 7 is asked for password when it tries to look at any other device. This is obviously a "password encryption" thing that I have run into before, but now I cannot seem to find a solution.
I have made the following changes to Windows 7:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa LmCompatibilityLevel=1
Which I think is all I had to do with Vista and XP to get them to cooperate. Since I do not have gpedit.msc, are there any other registry changes that need to be made for this to work? Thank you.
-----------------------------  
secpol.msc also has, under Security Options, Network Security: LAN Manager Authentication Level ... which can make changes to the setting.
registry: HKLM/System/CurrentControlSet\Control\LSA
Look for the
0 = send LM and NTLM, never use NTLMv2
1 = use NTLMv2 if negotiated. LM, NTLM and NTLMv2 can be used
2 = send NTLM only.
3 = send NTLMv2 only.
4 = Domain controllers refuse LM.
5 = Domain controllers refuse LM and NTLM.
----------------------------
It does not look like 7 "Home" has secpol.msc either. I tried setting LmCompatibilityLevel to 0 and 1, neither seemed to work.
=====================
Windows XP SP2, Vista, Windows 7 clients unable to connect to Netware CIFS
=====================
eSafe Proxy with NTLM v2.0
Windows Vista, Windows 7 and Windows Server 2008 R2 and higher use NTLM v2.0-only by default. eSafe Proxy uses NTLM v1.0. The default setting within Windows can be changed to operate in a mode which is backwards compatible with eSafe Proxy. Take the following steps to change the NTLM settings:
  1. Open the Group Policy Editor with gpedit.msc;
  2. Go to Computer Configuration – Windows Settings – Security Settings – Local Policies – Security Options;
  3. Go to the setting: Network security: LAN Manager authentication level
  4. Change this setting to: Send LM & NTLM – use NTLMv2 session security if negotiated
  5. Apply the policy with gpupdate /force
The picture shows the policy setting within Windows.
This should solve the problem with single sign-on on Windows Vista, Windows 7 and Windows Server 2008 R2 and higher.
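The LAN Manager authentication level discussed in this section is stored as LmCompatibilityLevel under HKLM\SYSTEM\CurrentControlSet\Control\Lsa. The following PowerShell is an added example, not part of the quoted sources: it reads that value and reports what each level sends and refuses. The function names are hypothetical, and treating a missing value as level 3 (the Vista-and-later default mentioned above) is an assumption of the example.

```powershell
# Added example (not from the quoted sources): report the LAN Manager
# authentication level of the local machine and what it implies.
# Level meanings are Microsoft's documented values for LmCompatibilityLevel.

$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# One row per level: policy text, what this machine sends as a client,
# and what is refused on the accepting side (Microsoft's policy text
# describes the refusal for domain controllers).
$LmLevels = @{
    0 = @('Send LM & NTLM responses',                                   'LM, NTLM', 'nothing')
    1 = @('Send LM & NTLM - use NTLMv2 session security if negotiated', 'LM, NTLM', 'nothing')
    2 = @('Send NTLM response only',                                    'NTLM',     'nothing')
    3 = @('Send NTLMv2 response only',                                  'NTLMv2',   'nothing')
    4 = @('Send NTLMv2 response only. Refuse LM',                       'NTLMv2',   'LM')
    5 = @('Send NTLMv2 response only. Refuse LM & NTLM',                'NTLMv2',   'LM, NTLM')
}

function Get-LmLevelInfo {
    param(
        [Parameter(Mandatory = $true)][int]$Level,
        [string]$Source = 'given'
    )
    if (-not $LmLevels.ContainsKey($Level)) {
        throw "LmCompatibilityLevel must be 0..5, got $Level"
    }
    $row = $LmLevels[$Level]
    if ($Level -lt 3) {
        $finding = 'Sends LM or NTLMv1 responses; raise to 3 or higher once no legacy peer needs them.'
    } elseif ($Level -lt 5) {
        $finding = 'Sends NTLMv2 only, but still accepts older responses from clients.'
    } else {
        $finding = 'NTLMv2 only, as client and as server.'
    }
    New-Object PSObject -Property @{
        Level         = $Level
        Source        = $Source
        Policy        = $row[0]
        ClientSends   = $row[1]
        ServerRefuses = $row[2]
        Finding       = $finding
    }
}

function Get-LocalLmLevel {
    # Assumption: Windows Vista and later behave as level 3 when the value is absent.
    param([int]$DefaultLevel = 3)
    $prop = Get-ItemProperty -Path $LsaKey -Name 'LmCompatibilityLevel' -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return Get-LmLevelInfo -Level $DefaultLevel -Source 'not set, OS default assumed'
    }
    Get-LmLevelInfo -Level ([int]$prop.LmCompatibilityLevel) -Source 'registry'
}

# Reference table for all six levels, then the setting of this machine.
0..5 | ForEach-Object { Get-LmLevelInfo -Level $_ } |
    Select-Object Level, Policy, ClientSends, ServerRefuses |
    Format-Table -AutoSize -Wrap

Get-LocalLmLevel |
    Select-Object Level, Source, Policy, ClientSends, ServerRefuses, Finding |
    Format-List
```

Reading the key needs no elevation, so the same script can be run on each machine of a mixed network to see which side is forcing the downgrade.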
======================  
Disable NetBIOS and NTLM on Windows 2003 Domain Controllers
About NTLMv1/LM ... I don't think it's a problem disabling them (maybe only if you have some very old OS on your network). Regarding NETBIOS, I think the domain controller needs this functionality for the replication. Anyway, to fully disable NETBIOS and SMB, check
http://www.microsoft.com/technet/Sec...n2k/a0604.mspx
(as you can see, it's not enough to check Disable Netbios over TCP/IP from Advanced TCP/IP settings).
Andrei Ungureanu
www.eventid.net
Free Windows event logs reports
http://www.altairtech.ca/evlog/
=================  

Wednesday, January 18, 2012

LLTD responder on Windows Server 2003

http://www.ehow.co.uk/list_6620360_alternatives-network-magic.html
 Installing Link Layer Topology Discovery (LLTD) on Windows Server 2003
In one of my previous articles – "Hide your Vista Computer on the Network" I wrote about what the network map is in Vista.
The network map on a computer running Windows Vista shows a graphical view of the computers and devices on your network and how they are connected by using the LLTD protocol. Thing is, that in order to display Windows Vista/2008 computers in the network map you need not do anything special. However, in order to make Windows XP computers appear in it, you will need to download and install the LLTD responder before it can be detected and appear on the network map. You can read more about this issue in my "Installing Link Layer Topology Discovery (LLTD) on Windows XP" article.
You can download the update from the following link:
All this is good and well, however there's one little catch. By default, you can’t run the LLTD responder update under Windows 2003. If you try to run the update you'll get this error:
However, you can try to force the update to run by performing these steps:
Note: Installing LLTD on Windows Server 2003 is NOT SUPPORTED by Microsoft, and has mixed results. Do NOT do it if you don't know what you're doing, and if something breaks, don't expect anyone to help you.
  1. After downloading the update, navigate to the folder where you've saved the file and right-click it. Select Properties.
  2. Next, in the Compatibility tab, click to select the Run This Program in Compatibility Mode for, and in the drop-down list select Windows XP. Click Ok.

  3. You can now install the update. You will not be prompted for a reboot, but you might want to reboot anyway.

  4. Next, you need to install the LLTD protocol in the network adapter's properties. Go to the downloaded file from step 1, and double-click on it as if to install it. Do NOT proceed with the installation, just leave the welcome screen open. Now go to your hard disk, and on the partition with the largest available free space you'll find a folder whose name is made of many letters and numbers (the name varies, so there's no point in typing it here).

  5. Open the network interface's properties screen, and click install.

  6. In the network component type click Protocol and then click on the Add button.

  7. In the Select Protocol window click Have Disk, and browse to the folder from step 4. In that path, look for the file called rspndr.inf. Click Ok.
  8. In the Select Network Protocol window click the Link-Layer Topology Discovery Responder and click Ok. After a short installation, the new protocol should be available in the network interface's properties screen.

  9. To be safe, reboot the computer. It should now be visible on the network map.
As noted above, this procedure is not supported in any way. Use at your own risk.
=================================
Unattended Windows Vista tech. on Windows XP/2003
UPDATE (09/12/2007): Updated with the list of applications and components listed here:
Windows Vista components available for Windows XP.
With Microsoft releasing a number of applications developed for Windows Vista also available for Windows XP, I’ve put together a quick ‘how to’ guide for performing an unattended install for each application.
The approach I’ve taken here are direct command lines for installing these applications as you would do with a custom Windows CD or installing after Windows is installed on the computer. You could fit these installs to tools such as Microsoft SMS or Altiris Deployment Solution. If you deploy via Group Policy then you’ll have to take a different approach.
Here’s a breakdown for each application including the command line you need to use for an unattended or silent install. I have the Windows XP version executables listed, so for Windows Server 2003 you will have to adjust the file names.

Windows Internet Explorer 7

Internet Explorer can be installed during Windows Setup via CMDLINES.TXT. This will ensure that the latest version of IE is installed as soon as Windows setup is complete from a clean install. This command will stop the setup program from downloading updates during install and will display a dialog box with a progress bar. You can also add the /NO-DEFAULT switch to prevent setup from making Internet Explorer the default web browser. You can get a full list of command line switches by running IE7-WindowsXP-x86-enu.EXE /?.
START /WAIT IE7-WindowsXP-x86-enu.EXE /PASSIVE /NORESTART /UPDATE-NO 

Windows Media Player 11

This application is for Windows XP only, but then who needs WMP 11 on their Terminal Server? Unlike Internet Explorer, I’ve not been able to get Windows Media Player to install via CMDLINES.TXT. This command will install Windows Media Player without you seeing any install user interface during setup.
START /WAIT wmp11-windowsxp-x86-enu.exe /Q:A /C:"SETUP_WM.EXE /Q:A /R:N /P:#e" 

Windows Defender 1.1

This command line will install Windows Defender silently and prevent Windows Defender from running after setup is complete.
START /WAIT MSIEXEC /I WindowsDefender.MSI ALLUSERS=TRUE REBOOT=SUPPRESS CHECK_WGA=0 LAUNCHPROGRAM=0 LAUNCHSCAN=0 /QB-

Microsoft .NET Framework 3.0

The .NET Framework 3.0 includes the .NET Framework 2.0 so you do not have to install that version separately. You will see a dialog with a progress bar during install.
START /WAIT dotnetfx3.EXE /PASSIVE /NORESTART 

Windows Desktop Search 3.01

The Windows Desktop Search setup application will accept the /PASSIVE switch so that a progress bar is displayed during setup, but the /QUIET switch is required to prevent setup from displaying an ‘Install Complete’ dialog once finished.
START /WAIT WindowsDesktopSearch-KB917013-V301-XP-x86-enu.exe /QUIET /NORESTART 

Remote Desktop Connection 6.0

Like Internet Explorer this application can be deployed via CMDLINES.TXT using a custom Windows setup source.
START /WAIT WindowsXP-KB925876-x86-ENU.EXE /PASSIVE /NORESTART 

Link Layer Topology Discovery (LLTD) Responder



The network map on a computer running Windows Vista shows a graphical view of the computers and devices on your network and how they are connected by using the LLTD protocol. The LLTD responder must be installed on a computer running Windows XP before it can be detected and appear on the network map.

START /WAIT WindowsXP-KB922120-v5-x86-ENU.exe /PASSIVE /NORESTART

Full List

I’ve updated this script with the applications listed here. Windows Installer 3.1 is a requirement for installing .NET Framework 3.5.
@ECHO OFF
REM Windows Installer 3.1
START /WAIT WindowsInstaller-KB893803-v2-x86.EXE /PASSIVE /NORESTART

REM Microsoft Core XML Services 6.0
START /WAIT MSIEXEC /I MSXML6.MSI ALLUSERS=TRUE REBOOT=SUPPRESS /QB

REM Internet Explorer 7
START /WAIT IE7-WindowsXP-x86-enu.EXE /PASSIVE /NORESTART /UPDATE-NO

REM Windows Media Player 11
START /WAIT wmp11-windowsxp-x86-enu.EXE /Q:A /C:"SETUP_WM.EXE /Q:A /R:N /P:#e"

REM Windows Defender 1.1
START /WAIT MSIEXEC /I WindowsDefender.MSI ALLUSERS=TRUE REBOOT=SUPPRESS CHECK_WGA=0 LAUNCHPROGRAM=0 LAUNCHSCAN=0 /QB-

REM .NET Framework 3.5
START /WAIT dotnetfx35.EXE /PASSIVE /NORESTART

REM Windows Desktop Search 3.01
START /WAIT WindowsDesktopSearch-KB917013-V301-XP-x86-enu.EXE /QUIET /NORESTART

REM Remote Desktop Connection 6.0
START /WAIT WindowsXP-KB925876-x86-ENU.EXE /PASSIVE /NORESTART

REM LLTD Responder
START /WAIT WindowsXP-KB922120-v5-x86-ENU.EXE /PASSIVE /NORESTART

REM Image Mastering API
START /WAIT WindowsXP-KB932716-x86-ENU.EXE /PASSIVE /NORESTART

REM Microsoft Management Console 3.0
START /WAIT WindowsXP-KB907265-x86-ENU.EXE /PASSIVE /NORESTART

REM Windows Script 5.7
START /WAIT scriptenXP.exe /PASSIVE /NORESTART

REM Windows PowerShell 1.0
START /WAIT WindowsXP-KB926139-x86-ENU.EXE /PASSIVE /NORESTART

REM XPS Essentials Pack
START /WAIT MSIEXEC /I "XPSEP XP and Server 2003 32 bit.MSI" ALLUSERS=TRUE REBOOT=SUPPRESS /QB

REM Peer Name Resolution Protocol (PNRP) version 2.0
START /WAIT WindowsXP-KB920342-x86-ENU.EXE /PASSIVE /NORESTART

REM Silverlight 1.0
START /WAIT SILVERLIGHT.EXE /Q

REM Network Diagnostic Tool
START /WAIT WindowsXP-KB914440-v12-x86-ENU.EXE /PASSIVE /NORESTART

REM WS-Management v1.1
START /WAIT WindowsXP-KB936059-x86-ENU.EXE /PASSIVE /NORESTART

REM Windows Rights Management Services Client with Service Pack 1
START /WAIT WindowsRightsManagementServicesSP1-KB839178-Client-ENU.EXE /PASSIVE /NORESTART
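
The batch script above runs every installer silently and ignores its result. The following PowerShell is an added example, not part of the original script: it runs an installer only if the file carries a valid Authenticode signature, and stops on the first failing exit code. It assumes PowerShell 2.0 or later and installers in the current directory; the function names and the expected signer are hypothetical choices of the example, and only three of the script's entries are listed.

```powershell
# Added example: verify each unattended installer before running it.
# File names and switches are taken from the batch script above.

$Installers = @(
    @{ File = 'WindowsInstaller-KB893803-v2-x86.EXE'; Arguments = '/PASSIVE /NORESTART' },
    @{ File = 'IE7-WindowsXP-x86-enu.EXE';            Arguments = '/PASSIVE /NORESTART /UPDATE-NO' },
    @{ File = 'WindowsXP-KB922120-v5-x86-ENU.EXE';    Arguments = '/PASSIVE /NORESTART' }
)

function Test-InstallerSignature {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Assumption: every package in the list is published by Microsoft.
        [string]$ExpectedSigner = 'Microsoft Corporation'
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' means the file hash matches and the chain ends in a trusted root.
    if ($sig.Status -ne 'Valid') { return $false }
    return ($sig.SignerCertificate.Subject -like "*O=$ExpectedSigner*")
}

function Invoke-VerifiedInstaller {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Arguments
    )
    if (-not (Test-InstallerSignature -Path $Path)) {
        throw "Signature check failed, not running: $Path"
    }
    $p = Start-Process -FilePath $Path -ArgumentList $Arguments -Wait -PassThru
    switch ($p.ExitCode) {
        0       { return 'ok' }
        3010    { return 'ok, reboot required' }   # ERROR_SUCCESS_REBOOT_REQUIRED
        default { throw "$Path exited with code $($p.ExitCode)" }
    }
}

$sourceDir = (Get-Location).Path   # assumption: installers sit in the current directory
foreach ($item in $Installers) {
    $full   = Join-Path $sourceDir $item.File
    $result = Invoke-VerifiedInstaller -Path $full -Arguments $item.Arguments
    Write-Output ("{0}: {1}" -f $item.File, $result)
}
```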

Networking with different Windows

New features and functionality in PortQry version 2.0 (for NT5.2)
Networking home computers running different versions of Windows
If your network contains computers running different versions of Windows, put all computers in the same workgroup
Let's assume that you've already set up the physical network itself. If you haven’t, see What you need to set up a home network.
After your network is set up, the next step is to fine-tune it so that all the computers can find each other—something you'll need if you want to share files and printers.
If computers running Windows XP are part of your network, it’s important to use the same workgroup name for all of the computers on your network. This makes it possible for computers running different versions of Windows to detect and access each other. Remember that the default workgroup name is not the same in all versions of Windows.
To find or change the workgroup name on a computer running Windows XP
  1. Click Start, right-click My Computer, and then click Properties.
  2. In System Properties, click the Computer Name tab to see the workgroup name. To change the name, click Change, type the new name in Computer name, and then click OK.
To find the workgroup name on a computer running Windows Vista or Windows 7
  1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  2. The workgroup name is displayed under Computer name, domain, and workgroup settings.
To change the workgroup name on a computer running Windows Vista or Windows 7
  1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  2. Under Computer name, domain, and workgroup settings, click Change settings.
  3. In System Properties, on the Computer Name tab, click Change.
  4. In Computer Name/Domain Changes, in Workgroup, type the name of the workgroup you want to use, and then click OK. You will be prompted to restart your computer.
Figure: The workgroup name is displayed in the System window.
Set the network location to Home or Work
Next, check the network location on all computers running Windows Vista or Windows 7. The network location is a setting that allows Windows to automatically adjust security and other settings based on the type of network that the computer is connected to. For more information, see Choosing a network location.
There are four network locations:
  • Home. The computer is connected to a network that has some level of protection from the Internet (for example, a router and a firewall) and contains known or trusted computers. Most home networks fall into this category. HomeGroup is available on networks with the Home network location.
  • Work. The computer is connected to a network that has some level of protection from the Internet (for example, a router and a firewall) and contains known or trusted computers. Most small business networks fall into this category.
  • Public. The computer is connected to a network that's available for public use. Examples of public network types are public Internet access networks, such as those found in airports, libraries, and coffee shops.
  • Domain. The computer is connected to a network that contains an Active Directory domain controller. An example of a domain network is a network at a workplace. This network location is not available as an option and must be set by the domain administrator.
For your home network, make sure that the network location type is set to Home. Here's how to check:
  • Open Network and Sharing Center by clicking the Start button, and then clicking Control Panel. In the search box, type network, and then click Network and Sharing Center.
The network location type is displayed below the network name.
Figure: The network location type is displayed in Network and Sharing Center.
If your network type is public, click Public network, and then select the network location you want.
Warning
You should only change a network to Home or Work if it's a known and trusted network, such as your home or small business network. Changing a network in a public place to Home or Work can be a security risk because it allows other people on the network to see your computer.
Make sure your firewall allows file and printer sharing
If you're using Windows Firewall, you can skip this section, because Windows Firewall automatically opens the correct ports for file and printer sharing when you share something or turn on network discovery. (For more information about network discovery, see What is network discovery?) If you're using another firewall, you must open these ports yourself so that your computer can find other computers and devices that have files or printers that you want to share.
To find other computers running Windows Vista or Windows 7, open these ports:
  • UDP 3702
  • UDP 5355
  • TCP 5357
  • TCP 5358
To find other computers running earlier versions of Windows, and to use file and printer sharing on any version of Windows, open these ports:
  • UDP 137
  • UDP 138
  • TCP 139
  • TCP 445
  • UDP 5355
To find network devices, open these ports:
  • UDP 1900
  • TCP 2869
  • UDP 3702
  • UDP 5355
  • TCP 5357
  • TCP 5358
To make HomeGroup work correctly between computers running Windows 7, open these ports:
  • UDP 137
  • UDP 138
  • TCP 139
  • TCP 445
  • UDP 1900
  • TCP 2869
  • UDP 3540
  • TCP 3587
  • UDP 3702
  • UDP 5355
  • TCP 5357
  • TCP 5358
Turn on additional file and printer sharing options
By changing your network location to Home or Work, network discovery is automatically turned on. You can also turn on these sharing options individually:
  • Network discovery
  • File sharing (in Windows 7, this is automatically turned on when you share a file or folder)
  • Public folder sharing
When you turn on these options, your computer can:
  • Find other computers and devices on your home network and have other computers find your computer
  • Share its files and folders
  • Share its Public folders
Note
Password-protected sharing is a special option that's discussed below.
To turn on network discovery, file and printer sharing, and public folder sharing in Windows 7
  1. Open Advanced sharing settings by clicking the Start button, and then clicking Control Panel. In the search box, type network, click Network and Sharing Center, and then, in the left pane, click Change advanced sharing settings.
  2. Click the chevron to expand the Home or Work network profile.
  3. Select the options to turn on network discovery and file sharing.
  4. Under Public folder sharing, do one of the following:
    • To share your Public folders so that people on other computers on the network can open files in them but can't create or change files, click Turn on sharing so anyone with network access can open files.
    • To share your Public folders so that people on other computers on the network can open files in them and also create or change files, click Turn on sharing so anyone with network access can open, change, and create files.
  5. Click Save changes. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on network discovery, file sharing, public folder sharing, and printer sharing in Windows Vista
  1. Open Network and Sharing Center in Control Panel.
  2. Under Sharing and Discovery, click the chevron next to File sharing to expand the section, click Turn on file sharing, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  3. Click the chevron next to Public folder sharing to expand the section, and then do one of the following:
    • To share the Public folder so that people on other computers on the network can open files in it but can't create or change files, click Turn on sharing so anyone with network access can open files, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation. This is the default setting.
    • To share the Public folder so that people on other computers on the network can open files in it and also create or change files, click Turn on sharing so anyone with network access can open, change, and create files, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  4. Click the chevron next to Printer sharing to expand the section, click Turn on printer sharing, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
Consider using password-protected sharing
Password-protected sharing is a more secure method of sharing files and folders on a network, and it is enabled by default. With password-protected sharing enabled, people on your network can't access shared folders on other computers, including the Public folders, unless they have a user name and password on the computer that has the shared folders. They will be prompted to type a user name and password when accessing the shared folders.
For quicker access, you might want to have matching user accounts on all your computers. For example, Dana wants to use password-protected sharing to more securely share files and printers between her two computers. On Computer A, she has the user account "Dana22" and the password "Fly43$." If she sets up that same user account and password combination on Computer B, she can more quickly access shared files on Computer B. If Dana changes the password on one of these computers, she must make the same change on the other computer.
To turn on password-protected sharing in Windows 7
  1. Open Advanced sharing settings by clicking the Start button, and then clicking Control Panel. In the search box, type network, click Network and Sharing Center, and then, in the left pane, click Change advanced sharing settings.
  2. Click the chevron to expand the Home or Work network profile.
  3. Under Password protected sharing, click Turn on password protected sharing, and then click Save changes. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on password-protected sharing in Windows Vista
  1. Open Network and Sharing Center in Control Panel.
  2. Under Sharing and Discovery, click the chevron next to Password protected sharing to expand the section, click Turn on password protected sharing, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
To share a file or folder
In any version of Windows, you can right-click a file or folder, click Share, and then select the people or groups you want to share with. You can also assign permissions so that those people can or cannot make changes to the file or folder you shared. For more information, see Share files with someone.
Using the network map
The network map in Network and Sharing Center is a graphical view of the computers and devices on your network, showing how they're connected and including any problem areas. This can be helpful for troubleshooting. Before a computer running Windows XP can be detected and appear on the network map, you might need to install the Link-Layer Topology Discovery (LLTD) protocol on that computer. For more information, go to Network Map Does Not Display Computers Running Windows XP on the Microsoft website.
If the LLTD protocol is installed but computers running Windows XP still don't appear on the network map, firewall settings could be preventing Windows from detecting them. Check the firewall settings and make sure that file and printer sharing is enabled. To learn how to do this, if you're using Windows Firewall, open Help and Support and search for "Enable file and printer sharing." Open the Help topic, and then scroll to the end. If you're using another firewall, check the information that came with your firewall.

 
  • Do you have any third party firewall installed on the computer or are you using Windows Firewall?
  • Were you able to access remote desktop connection on this computer earlier?
  • Did you make any changes to the computer before this issue started?

However, if you are using Windows Firewall and if Windows Firewall is blocking a program and you want to allow that program to communicate through the firewall, you can usually do that by selecting the program in the list of allowed programs (also called the exceptions list) in Windows Firewall.

Access the links below and follow the steps to troubleshoot the issue and add the program to exception list.
A port stays open all the time, so be sure to close ports that you don't need open anymore.
  1. Open Windows Firewall by clicking the Start button, and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.
  2. In the left pane, click Advanced settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  3. In the Windows Firewall with Advanced Security dialog box, in the left pane, click Inbound Rules, and then, in the right pane, click New Rule.
  4. Follow the instructions in the New Inbound Rule wizard.
If you’re having trouble allowing other computers to communicate with your computer through Windows Firewall, you can try using the Incoming Connections troubleshooter to automatically find and fix some common problems.
Open the Incoming Connections troubleshooter by clicking the Start button, and then clicking Control Panel. In the search box, type troubleshooter, and then click Troubleshooting. Click View all, and then click Incoming Connections.

----------------

If you are using any third party firewall, you may contact the security software manufacturer and check how to change the settings for you to use remote desktop.
Remote desktop or Terminal services use TCP port 3389, not port 137.
Port assignments for TCP and UDP.
http://technet.microsoft.com/en-us/library/cc959833.aspx

Service overview and network port requirements

Tuesday, January 17, 2012

Reset Roaming Profile and Folder Redirection Permissions

Source
[...]
Resetting Permissions

If you run into permission issues, first make sure your parent folder permissions are correct as defined above.
If you need to reset permissions on a user folder, you will first need to take ownership of the entire folder, then reset permissions, then assign ownership back to the user. While it is possible to do this in the GUI, if you need to do it for lots of users, you’ll want to develop a script. Starting from Richard Teachout’s article, I came up with the following approach. Notes:
  • You can use the built-in utility takeown to assign ownership to Administrators. However in order to assign ownership back to end users, you’ll need to download and install subinacl.
  • For permission assignment, you can use the built-in cacls utility. Although Mr. Teachout recommended the /G parameter to grant permissions, I had better luck with the /P parameter to replace permissions. This hopefully takes care of the odd permission on some profiles where the user has full access to the top folder only. Using /G on that kind of folder generates errorlevel 13 and the message "The data is invalid".
My environment has the following physical folder structure:
D:\RoamingProfiles
D:\RoamingProfiles\UserDocs
D:\RoamingProfiles\UserDocs\User01
D:\RoamingProfiles\UserDocs\User01
D:\RoamingProfiles\UserProfiles
D:\RoamingProfiles\UserProfiles\User01
D:\RoamingProfiles\UserProfiles\User01.V2 – used by new Windows 7 profile folder redirection
D:\RoamingProfiles\UserProfiles\User02
D:\RoamingProfiles\UserProfiles\User02.V2

The Script
Based on that structure, I created my script in the D:\RoamingProfiles folder, and assumed it would be run with a single parameter, the %UserName%. Here are the basic commands. As always, use at your own risk!
[...]

VPN Can’t Ping from LAN to LAN

Source
Unfortunately after configuring the VPN, I could ping from the router to the other LAN, but I could not ping from one LAN to the other LAN. Not good!
I got lots of help from the VPN and VLAN and authors. Long story short:  the VLAN setup was not allowing packets on the local LAN to be forwarded to the VPN tunnel.
The solution is to manually add a one-line forwarding instruction to each router. The exact instruction depends on which VLAN you want to route to which VPN tunnel.
The VLANs are listed under Advanced > VLAN. Choose the Bridge name for the VLAN you want to connect.
Tomato VPN 1
The tunnels are named as follows: tun11 = OpenVPN Client1, tun12 = Client2, tun21 = Server1, and tun22 = Server2. You can see which tunnel is active under Advanced > Routing. This screen shot is from my OpenVPN server:
Tomato VPN 2
On both the client and server, my main LAN (that I want to share across the VPN) is on br0. The server is tun21 and the client is tun11. So on the OpenVPN server router, I ran this instruction from Tools > System:
iptables -A FORWARD -i br0 -o tun21 -j ACCEPT
and on the OpenVPN client router I ran this instruction:
iptables -A FORWARD -i br0 -o tun11 -j ACCEPT
Voila! Bi-directional ping happiness, from server’s LAN to client’s LAN and vice-versa.
To make the instructions “sticky,” save the corresponding instruction in Administration > Scripts > Firewall on each router, and reboot the router.
This functionality may eventually become “standard” or part of the GUI, but for now, a pair of simple instructions lets you use OpenVPN on a router running VLANs.

runas command

You’ll need admin privileges to stop and start a service. 
On XP, you can use a command like this:
runas /noprofile /env /user:Administrator cmd
You will be prompted for the Administrator password, and a new command window will open.

Ping request could not find host


Fix for Ping request could not find host "FQDN of server" Error
I can ping by their IP address but not by their name
ping 192.168.1.3 --works
ping familypc --doesn't work
Ping request could not find host ___ Please check the name and try again
Solution
Need to set up a WINS server or service on one of the computers. Or if you're using one of those gateways/routers for internet sharing, you can set your WINS server as that, since it has DHCP capabilities.
Best solution
Windows firewall was blocking port 137. After unblocking it worked fine.
At command prompt
ping myserver.mydomain.local
I get back the message “Ping request could not find host myserver.mydomain.local. Please check the name and try again.”
An nslookup works fine, so I know the SBS server is there and is responding to DNS requests.
In fact, I can “ping myserver” without problems. But for some reason, pinging the fully-qualified internal name doesn’t work.
Sometimes, I can just type “ipconfig /flushdns” to clear this up. Today that didn’t work. However once I actually stopped and started the DNS cache, ping started working
net stop DNScache
net start DNScache
---------
Windows XP Home SP3. “PING name” does not find the host, and “PING ip-address” works fine. Also, “NSLOOKUP name” and also “NSLOOKUP name dns-server-ip-address” both work fine; that is NSLOOKUP works using its own default, and also using any valid DNS server I specify. But, PING and various other software like browsers, anti-virus, and pretty much any other name-dependent software will not function.
--------
Can still ping both ways by IP addr but not by computer name and hence Network Neighborhood only shows the source PC name, and can not see the other shared folders
---------------
 Are NSLOOKUPs resolving the names correctly? Does it help if you stop then start the “DNS Client” service (not just “DNSCache”)?

Despite multiple cache clearings, browsers can't find it either (it's an internal website). I am suspecting this is why. I am not sure how, after several /flushdns and /registerdns, if nslookup finds it right off, why can't anything else..? 
--------------------------
nslookup does not use the same references as ping
Ping will directly query the DNS server defined in ipconfig
nslookup will query the DNS server, on the AD domain controller your security was authenticated on.
Ping simply asks DNS give me the ip so I can ping it.
There is no record in DNS for a myhost PC. But the code within the AD DNS schema has a reference for a nslookup so you are returned the address of your authentication server.
If you invoke nslookup and put a x in front of it, you will get a > prompt. Type in a question mark at the prompt and you can see the switches to get the info you need with nslookup.
---------------------------
Win 2k3 'Round Robin' setting
I didn't set this box up - looking at the DNS settings, I see it's set for round robin.
configured on the workstations? To clarify, on your workstations, do you have the primary DNS server as the ADC and a secondary DNS server ip that points to a non-Active Directory DNS server?
Answer
On Windows 2000 and later, if a request to your primary DNS server times out, it switches to the secondary DNS server and stays with it for a period of time. However, nslookup always connects to the primary.
Take a look at this article and be sure to read the part about caching negative responses.
Windows contains a client-side Domain Name System (DNS) cache. The client-side DNS caching feature may generate a false impression that DNS "round robin" is not occurring from the DNS server to the Windows client computer. When you use the ping command to search for the same A-record domain name, the client may use the same IP address. This behavior is different from Microsoft operating systems earlier than Windows 2000. These operating systems do not include the client-side DNS caching feature. This article describes how to disable DNS caching.
Note This article refers to the client portion of DNS. Do not use this information for making changes to DNS servers.
To stop DNS caching, run either of the following commands:
  • net stop dnscache
    -or-
  • sc servername stop dnscache
To disable the DNS cache permanently in Windows, use the Service Controller tool or the Services tool to set the DNS Client service startup type to Disabled. Note that the name of the Windows DNS Client service may also appear as "Dnscache."
Note The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated.
The DNS Client service optimizes the performance of DNS name resolution by storing previously resolved names in memory. If the DNS Client service is turned off, the computer can still resolve DNS names by using the network's DNS servers.
When the Windows resolver receives a positive or negative response to a query, it adds that positive or negative response to its cache, and as a result, creates a DNS resource record. The resolver always checks the cache before querying any DNS server. If a DNS resource record is in the cache, the resolver uses the record from the cache instead of querying a server. This behavior expedites queries and decreases network traffic for DNS queries.
You can use the Ipconfig tool to view and to flush the DNS resolver cache. To view the DNS resolver cache, type ipconfig /displaydns at a command prompt. Ipconfig displays the contents of the DNS resolver cache, including the DNS resource records that are preloaded from the Hosts file and any recently queried names that were resolved by the system. After a certain time period, the resolver discards the record from the cache. The time period is specified in the Time to Live (TTL) associated with the DNS resource record. You can also flush the cache manually. After you flush the cache, the computer must query DNS servers again for any DNS resource records previously resolved by the computer. To delete the entries in the DNS resolver cache, type ipconfig /flushdns at a command prompt.
[...]
Subnet Prioritization 
The Windows XP DNS resolver also uses Subnet Prioritization. If the resolver receives multiple IP address mappings (A resource records) from a DNS server, and some of the records have IP addresses from networks to which the computer is directly connected, the resolver places those resource records first. This behavior reduces network traffic across subnets by forcing computers to connect to network resources that are closer to them.
Although subnet prioritization does reduce network traffic across subnets, in some cases you may prefer to have the round robin feature work as described in RFC 1794. If so, you can disable the Subnet Prioritization feature on your clients by adding the PrioritizeRecordData registry entry with a value of 0 (REG_DWORD data type) in the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
297510  How to Modify Time to Live on Domain Name System Records
286834  The DNS Client Service Does Not Revert to Using the First Server
For more information, see the Microsoft Windows XP Professional Resource Kit Documentation, chapter "DNS Caching, Network Prioritization, and Security."
Reply
We have no secondary internal DNS, and had round-robin set on the DNS server: I already turned that off. We are serving 2nd/tertiary DNS servers via DHCP to client workstations. I've turned off neg caching for all stations, serving a .reg via GPO. So far, on my own machine, I have seen no issues. Since this has been sporadic, it'll likely be a few days before I know it's gone for good.
I'm hoping this will also clear up the weird sudden-loss-of-shares and exchange issues
...
So: it is NOT resolving the CNAME correctly, but when asked about the machine itself, data, it resolves to the correct IP, and then the CNAME resolves "thru" the machine name to the target IP.
I incremented the serial the last time I made DNS changes. I made the above-suggested zero-neg-cache registry change. I have rebooted the machine and ensured all settings are current and policies are being applied.



DNS resolve problem with ping but not nslookup
windows XP SP3
my PC was not able to resolve DNS with most internet software
I tried pinging google and it also fails.
ping www.google.com
Ping request could not find host www.google.com. Please check the name and try again.

But nslookup can still work
*** Can't find server name for address 192.168.0.1: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.0.1
Non-authoritative answer:
Name: www.l.google.com
Addresses: 209.85.165.103, 209.85.165.104, 209.85.165.147, 209.85.165.99
Aliases: www.google.com

------------------
Ping isn't going to work with many of the external host sites, so this is normal. If you can do an nslookup on a site, then dns is resolving correctly.
------------------
tenroc2o0o:
I've had the exact same issue on two computers and until I read this forum it didn't occur to me it might have to do with SP3. I had just deployed SP2 & SP3 via group policy to over 40 PCs at my client's location while joining all of their computers to the new active directory network.
Basically, unless I use nslookup, DNS doesn't work. This includes Firefox, Internet Explorer, as well as internal active directory lookups to authenticate usernames and passwords against the domain. No one could log on to the computer as a domain user - had to logon as local admin to work on it.
This means I could, say, "nslookup myserver.mydomain.local", get the IP, and then manually ping the IP and get a reply.
However, if I said "ping myserver.mydomain.local" it would say "Ping request could not find host myserver.mydomain.local. Please check the name and try again."
To me, basically this means nslookup can query because it simply opens a winsock connection on the DNS port and gets a query itself, whereas ping, IE, Firefox, and Windows itself for active directory domain authentication all cannot since they use the DNS Client service.
I had this same problem on now two computers. The first one, which I worked on earlier this week, I ended up formatting the computer to fix.
I tried specifying a static IP & DNS instead of using DHCP.
I tried uninstalling/reinstalling the network adapter.
I checked the Winsock using LSPFix to make sure there weren't any files missing or malware.
I checked hijackthis log for other malware - all clean.
I tried resetting all of the registry entries for the TCP/IP stack using
netsh int ip reset c:\resetlog.txt
SP3 reinstallation fixed all of the DNS query issues.
It's worth noting that even though DNS didn't work, WINS and NetBIOS still did so I could still connect to our server via \\myservername (or by IP of course). (whereas \\myservername.mydomainname.local did not because that's a DNS entry)
I just connected to my server & ran the SP3 update again and it fixed all of the DNS resolution problems.
----------------
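The two lookup paths contrasted in the post above, as an added Python example that is not part of the original thread: os_lookup goes through the operating system's resolver, as ping and browsers do, while direct_lookup sends its own UDP query to a named server, as nslookup does. The host name familypc.example.test and the helper constructed_response are constructed for the demonstration.

```python
import secrets
import socket
import struct

def build_query(name, txid=None):
    """Encode one A-record question (RFC 1035) with recursion desired."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _skip_name(msg, off):
    """Return the offset just past a plain or compressed domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def parse_a_records(msg, txid):
    """Return (rcode, [IPv4 addresses]) from the response to query `txid`."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen  # CNAME and other record types are stepped over
    return flags & 0x000F, addrs

def direct_lookup(name, server, timeout=3.0):
    """nslookup-style path: one UDP query to `server`, no local cache involved."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        reply, _ = sock.recvfrom(4096)
    return parse_a_records(reply, struct.unpack("!H", query[:2])[0])

def os_lookup(name):
    """ping/browser-style path: whatever the operating system's resolver returns."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as err:
        return "resolver error: %s" % err
    return sorted({info[4][0] for info in infos})

def compare(name, server):
    """Differing results point at the client-side resolver, not the DNS server."""
    return {"os_resolver": os_lookup(name), "direct_dns": direct_lookup(name, server)}

def constructed_response(query, ip=None):
    """Constructed sample reply to `query`: one A record, or NXDOMAIN if ip is None."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180 if ip else 0x8183, 1, 1 if ip else 0, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip) if ip else b""
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_query("familypc.example.test", txid=0x1234)
    print(parse_a_records(constructed_response(q, "192.168.1.3"), 0x1234))
    print(parse_a_records(constructed_response(q), 0x1234))
    # Live use (needs a network): compare("myserver.mydomain.local", "192.168.0.1")
```

An rcode of 3 is NXDOMAIN; when direct_lookup returns addresses and os_lookup returns a resolver error for the same name, the DNS server is answering and the fault is on the client side.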
Linux
I got the same problem with my two new virtual redhat and suse. It was the directory LDAP client which was the problem. Now both servers are running correctly.
If using Linux (redhat or suse):
look at nsswitch.conf & ldap.conf
1) put "bind_policy soft" in /etc/ldap.conf
2) nsswitch.conf must at minimum have:
passwd: compat
group: compat
hosts: files dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files nis
aliases: files
3) reboot
4) check with: ping, nmap localhost.
5) now you can enable your ldap client again. (RH: authconfig ; suse: yast2 ldap). It will modify your nsswitch.conf
-------------------
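A check for steps 1 and 2 of the post above, as an added Python example that is not part of the original thread: it compares an nsswitch.conf against the post's minimum list and reports whether ldap.conf sets bind_policy soft. The sample files, the host name ldap.example.test and the hosts ordering check are assumptions added for the demonstration.

```python
import re

# The minimum nsswitch.conf from the post above, verbatim.
POST_MINIMUM = """\
passwd: compat
group: compat
hosts: files dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files nis
aliases: files
"""

def parse_nsswitch(text):
    """Map each database to its ordered sources, ignoring [STATUS=action] items."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]               # drop comments
        line = re.sub(r"\[[^\]]*\]", " ", line)   # drop action items
        if ":" not in line:
            continue
        database, sources = line.split(":", 1)
        table[database.strip()] = sources.split()
    return table

BASELINE = parse_nsswitch(POST_MINIMUM)

def has_soft_bind(ldap_conf_text):
    """True if an uncommented 'bind_policy soft' line is present."""
    pattern = r"^[ \t]*bind_policy[ \t]+soft[ \t]*$"
    return re.search(pattern, ldap_conf_text, re.M | re.I) is not None

def audit(nsswitch_text, ldap_conf_text=""):
    """Return a list of findings; an empty list means the post's minimum is met."""
    table = parse_nsswitch(nsswitch_text)
    findings = []
    for database, needed in BASELINE.items():
        have = table.get(database, [])
        missing = [s for s in needed if s not in have]
        if missing:
            findings.append(f"{database}: missing {' '.join(missing)}")
    hosts = table.get("hosts", [])
    # Added heuristic (assumption): name lookups should not wait on LDAP first.
    if "ldap" in hosts and any(
            s in hosts and hosts.index("ldap") < hosts.index(s) for s in ("files", "dns")):
        findings.append("hosts: ldap is consulted before files/dns")
    ldap_dbs = [db for db, sources in table.items() if "ldap" in sources]
    if ldap_dbs and not has_soft_bind(ldap_conf_text):
        findings.append("ldap.conf: no 'bind_policy soft' but ldap is used by "
                        + " ".join(ldap_dbs))
    return findings

# Constructed sample: the file after an LDAP client tool has edited it.
SAMPLE = (POST_MINIMUM
          .replace("passwd: compat", "passwd: compat ldap")
          .replace("hosts: files dns", "hosts: ldap [NOTFOUND=continue] files   # dns dropped"))
SAMPLE_LDAP_CONF = "# constructed sample\nhost ldap.example.test\nbind_policy hard\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE, SAMPLE_LDAP_CONF):
        print(finding)
```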
pings and nslookup problems are not related to AD, rather they are based on the client's network configuration and the client side resolver service