Yet another way to lock down the internet

http://www.boutell.com/newfaq/browser/restrictie.html

One trick: to use a wildcard, you have to type it like http://*.google.com (you need the http://).

2006-10-19: Internet Explorer can be configured to restrict access so that only a short list of approved sites can be accessed by anyone without a special password. Here’s how to do it.

First, though, think about your audience. This can be a useful technique for a special-purpose computer in an office. For your kids, it is less effective because kids can find ways around such limitations. They might install an alternative web browser, disable Content Advisor through the Windows Registry, or boot the computer from a CD instead. And useful research for school often involves accessing many sites you haven’t seen before. For young children, this approach may be useful, but for teenagers there’s no substitute for supervision and education. Put their computer next to yours!

This is not a high-security “kiosk mode” solution. Skilled users can disable Content Advisor by manipulating the Windows Registry or booting from CD. With Windows XP Professional you can reduce the risk by using unprivileged accounts for ordinary users.

Ready to go? Great! Here’s how to lock down Internet Explorer so that only certain sites of your choosing can be accessed. In a nutshell, we’ll do it by telling Internet Explorer to:

1. Use a website “rating service” that doesn’t actually rate any sites,

2. Forbid users from accessing sites that are not rated, and

3. Add the sites we do want to our private list of “Approved Sites” that can be accessed even though they are not rated.

How To Lock Down Internet Explorer

1. Start Windows Notepad. Follow these steps:

Start Menu -> All Programs -> Accessories -> Notepad

Alternatively, right-click on the desktop (not an icon, on a blank area of the desktop), select “New,” and select “Text Document.”

2. Copy and paste the following into Notepad (everything within the parentheses). This is the rating service code for our special rating service that hates everything!


(
(PICS-version 1.0)
(name "Thumbs Down")
(description "A fake rating service that doesn't rate anything.")
(rating-system "http://notreally.madeup")
(rating-service "http://notreally.madeup")
(category
(transmit-as "Please Use The Approved Sites Tab Instead!")
)
)

 

3. Pull down the “File” menu of Notepad and pick “Save As…”

4. In the “File name:” field, type exactly this (copy and paste):

c:\windows\system32\thumbsdown.rat

Note: if you leave out the .rat extension it will not work.

This is correct for most modern Windows computers. Windows NT and 2000 users will need to substitute c:\winnt for c:\windows. If you have installed Windows in a nonstandard place, you will need to account for that. 99% of readers don’t need to worry about this.

5. Click “Save” to save the file.

6. Exit Notepad (File -> Exit).

7. Launch Internet Explorer if it is not already open.

8. Click on the “Tools” menu of Internet Explorer.

9. Select “Internet Options…”

10. Select the “Content” tab.

11. Find the “Content Advisor” box (near the top of the window) and click on “Enable…”

12. If you have ever used Content Advisor before, you will be prompted for your Content Advisor supervisor password. If not, you will be invited to choose one, and to supply a hint to help you remember it.

If you have lost your supervisor password, you will need to delete it so that you can set up a new one. See the excellent PC Hell article, How to Remove Content Advisor Password in Internet Explorer.

13. You will see a message informing you that “Content Advisor has been turned on.” Click OK.

14. Click on “Settings” in the “Content Advisor” box.

15. Click on the “General” tab.

16. Make sure “Users can see sites that have no rating” is not checked. Leave “Supervisor can type a password to allow users to view restricted content” checked. Trust me here: you will need to make exceptions and add new allowed sites, and you won’t want to come all the way into “Internet Options” just to do that. Things come up.

17. Click on “Rating Systems…” in the “Rating systems” box.

18. If you see any Rating Systems listed, select each in turn and click the “Remove” button. You are doing this so that we can set up our special “fake” rating service that doesn’t rate any sites. You can add other rating services back later if you change your mind about using this method.

18. Click the “Add” button. When the list of files appears, select thumbsdown. If you do not see it, you probably didn’t save thumbsdown.rat to the right place in step 4. Go back and correct that.

19. You will see thumbsdown in the list of rating systems.

20. Click “OK” to close the “Rating Systems” dialog.

21. Click on the “Approved Sites” tab in Content Advisor. Type in the name of a site you DO want to allow users to access, such as:

http://www.boutell.com

Then click “Always.” You don’t need the “Never” button as all other sites are already forbidden. You can use the “Remove” button if you add the wrong site by mistake.

22. Repeat step 21 for as many sites as you wish. You can add more sites later, here in the Content Advisor or via the dialog box that pops up when a user tries to access an unapproved site (only with your password, of course).

23. Click “OK” again to dismiss “Internet Options.”
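A pasted rating file can fail to appear in the “Add” dialog for reasons other than the save location. The following Python check is an added example, not part of the original article: it assumes the file should carry the same fields as the one shown in step 2, and it flags a wrong extension, unbalanced parentheses and typographic quotes introduced by copy and paste.

```python
import ntpath
import re

# Fields that appear in the rating file from step 2 (assumed to be the required set).
EXPECTED = ["PICS-version", "name", "description", "rating-system",
            "rating-service", "category", "transmit-as"]
CURLY = "\u201c\u201d\u2018\u2019"  # typographic quotes a web page may substitute

# The file from step 2, embedded so the check runs offline.
PAGE_RAT = '''(
(PICS-version 1.0)
(name "Thumbs Down")
(description "A fake rating service that doesn't rate anything.")
(rating-system "http://notreally.madeup")
(rating-service "http://notreally.madeup")
(category
(transmit-as "Please Use The Approved Sites Tab Instead!")
)
)
'''

def check_rat(filename, text):
    """Return a list of problems in a saved rating file (empty list = none found)."""
    problems = []
    if ntpath.splitext(filename)[1].lower() != ".rat":
        problems.append("file name does not end in .rat")
    depth, in_string = 0, False
    for lineno, line in enumerate(text.splitlines(), 1):
        for ch in line:
            if ch in CURLY:
                problems.append(f"line {lineno}: typographic quote {ch!r}")
            elif ch == '"':
                in_string = not in_string
            elif ch == "(" and not in_string:
                depth += 1
            elif ch == ")" and not in_string:
                depth -= 1
                if depth < 0:
                    problems.append(f"line {lineno}: unmatched ')'")
                    depth = 0
        if in_string:  # strings in this file never span lines
            problems.append(f"line {lineno}: unterminated string")
            in_string = False
    if depth:
        problems.append(f"{depth} '(' never closed")
    for field in EXPECTED:
        if not re.search(r"\(" + re.escape(field) + r"\s", text):
            problems.append(f"missing field: {field}")
    return problems
```

Call `check_rat(path, open(path, encoding="utf-8").read())` on the saved file; an empty list means none of these problems were found.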

Making Sure It Worked

That’s it! Internet Explorer is locked down.

But did it work? Time to make sure!

First, try to access an approved site. You will get through with no warnings, as long as the site is listed in your “Approved Sites” list and spelled correctly there. Note that “sub-sites” like “mail.example.com” are not automatically approved just because “example.com” is approved! You will need to list them separately.

Now try to access a site you did not allow. You will see Content Advisor’s “Sorry! Content Advisor will not allow you to see this site” page. As the supervisor, you can select “Always allow this Website to be viewed,” “Always allow this Web page (one page, not all pages on the site) to be viewed,” or “Allow viewing only this time” and enter your supervisor password. Other users won’t have the password, so they will not be able to access the site. All they can do is click Cancel and go back to a more appropriate site.
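To find gaps in the Approved Sites list before users run into them, the matching rules stated on this page can be modeled in a few lines. This is an added example, not Internet Explorer's own matcher: it assumes exact host matching, that a wildcard entry is unusable without its scheme prefix, and that `*.google.com` does not cover the bare `google.com`. The sample lists are constructed.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

def entry_host(entry):
    """Host pattern of one Approved Sites entry, or None if it is unusable."""
    entry = entry.strip().lower()
    if "*" in entry and "://" not in entry:
        return None                    # wildcard typed without http://
    if "://" not in entry:
        entry = "http://" + entry      # assumption: bare host names are accepted
    return urlsplit(entry).hostname

def review_allowlist(approved, needed_urls):
    """Return (unusable entries, needed URLs that no entry covers)."""
    hosts = {e: entry_host(e) for e in approved}
    unusable = [e for e, h in hosts.items() if h is None]
    patterns = [h for h in hosts.values() if h]
    blocked = []
    for url in needed_urls:
        host = urlsplit(url.lower()).hostname or ""
        # Exact host match unless the entry has a wildcard: approving
        # example.com does not approve mail.example.com.
        # Assumption: "*.google.com" needs a label before the dot,
        # so it does not match the bare "google.com".
        if not any(fnmatchcase(host, p) for p in patterns):
            blocked.append(url)
    return unusable, blocked

# Constructed sample data.
APPROVED = ["http://www.boutell.com", "http://example.com",
            "http://*.google.com", "*.wikipedia.org"]
NEEDED = ["http://www.boutell.com/newfaq/", "http://mail.example.com/",
          "http://mail.google.com/", "http://en.wikipedia.org/wiki/PICS"]

if __name__ == "__main__":
    unusable, blocked = review_allowlist(APPROVED, NEEDED)
    print("entries to retype:", unusable)
    print("URLs still blocked:", blocked)
```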

 

 

 

 

 

 

 

Server 2008, Cannot create a quiesced snapshot because the create snapshot operation exceeded the time limit for holding off I/O in the frozen virtual machine.

So in my case this error message is a red herring. This happens for Server 2003 or 2008 when the snapshot provider doesn’t get registered correctly. From here: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1019848

To manually register the VMware Snapshot Provider:
  1. Click Start > Run, type cmd, and click OK.
  2. Enter the following commands in sequence:
regsvr32 "C:\Program Files\VMware\VMware Tools\Drivers\vss\VCBRequestor.dll"
regsvr32 "C:\Program Files\VMware\VMware Tools\Drivers\vss\VCBSnapshotProvider.dll"
"C:\Program Files\VMware\VMware Tools\COMREG.EXE" -register "C:\Program Files\VMware\VMware Tools\Drivers\vss\VCBSnapshotProvider.dll" "VMware Snapshot Provider" "vmvss" "VMware Snapshot Provider"
If you see error 80110801 when attempting to register the COM application, you must delete the VMware Snapshot Provider COM application.
To delete the VMware Snapshot Provider COM application:
  1. Click Start > Programs > Administrative Tools > Component Services.
  2. Double-click Component Services > Computers > My Computer > COM Applications.
  3. Select VMware Snapshot Provider and press Delete on your keyboard.
  4. Manually register the VMware Snapshot Provider COM application.
If you receive this error when registering the COM applications, you may have registry key corruption:
Error: 0x8000FFFF
For more information, see Microsoft’s Knowledge Base article 940184.

Bulk insert into SQL from a file

Of course, the file needs to be on your SQL Server (or a share).

BULK INSERT CSVTest
FROM 'c:\csvtest.txt'
WITH
(
FIELDTERMINATOR = ',',  -- column separator
ROWTERMINATOR = '\n'    -- one row per line
)
GO

 

Dell EqualLogic Multipath Extension Module Default Value Limitations

https://www.interworks.com/blogs/kculwell/2011/06/13/dell-equallogic-multipath-extension-module-default-value-limitations

EqualLogic PS Series SAN Password Recovery

http://mikefrobbins.com/2011/06/16/equallogic-ps-series-san-password-recovery/

 

 

 

 

 

ECM Queue Management

Hi folks, it has been too long!

Well, enough with the chitchat. As some readers might know, we have implemented an ECM solution for our accounts payable process. I like to call this our personal ECM cloud. Most recently this has rolled out to our remote locations. So, what has this system gained us?

At first blush, many will often assume that the savings to be gained with imaging\ECM are in storage costs…. WRONG! If you ever implement a system to save on storage, you are doing it wrong!

One of the coolest things we are able to do is see what invoices are piling up on someone’s ‘virtual desk’. (This of course does rely on timely scanning into the system.)

Using some Qlikview *Magic*, we are able to display the total invoices in the system by plant and analyze which are late (in the queue longer than 7 days, adjustable by a slider), shown as red. Then we can click into a location; let’s pick on Chehalis.

Looking at this tab we can see there is one invoice that is late in the Plant Mgr. Review 1 queue, so let’s click on that one and go to the Image Tab.

So there is the image of our tardy invoice. Hmm, entered into the system on the 9th. Hmm, why hasn’t this been approved yet? Let’s go talk to that manager.

In conjunction with the queue management Qlikview, we have also created some *minions*, i.e. little automated tasks that look at the queues and, if they get too large or too tardy, email the offending person(s).

Another benefit that we have gained is the ability to spread out the load of data entry among many users. Typically, the AP person would have to memorize (or look up) thousands of different vendor numbers. Now, each individual can learn their 10-25 vendor numbers and enter them in, saving the AP person from having to do it. In addition, we added a quick look-up of the vendor name and address so the manager can double check they have the right vendor number.

Since the process is digital, a manager is able to approve invoices from wherever they are able to get a VPN connection. That also goes for pulling up paid invoices too, of course.

Did I mention that it scales well? Instead of just one person processing invoices, it could be 10, or 100.

At the low end of the spectrum, yes we do save on storage costs, postage, and no longer having to file the invoices away.

Getting access denied on your SSRS, well of course it’s a UAC thang

http://www.iainkick.com/archive/2010/08/the-dreaded-uac-and-ssrs-2008/

So simply right-clicking on Internet Explorer (or your alternative browser of choice) when opening the browser and selecting ‘Run As Administrator’ gave me access to the Site Settings and other links in SSRS. Also, running BIDS as Administrator made sure the deployment was successful. We were then able to add users to SSRS and they could access reports as normal.