網頁

2011年9月10日 星期六

Bulk rename utility

If you want to rename a extension of file, it is very simple to do it by right-click this file next to click "rename" in the menu. But if the file is very much, we need to repeat the same activity. I think it is not smart and spend more time for me. Whether has a simple method to do it? That is "Bulk Rename Utility".

To execute this utility and select the file you want to rename extension.

To change extension option from "Same" to "Remove".

You will see the final new name as green font in the screen.

If it is true what you want to do it, click "Rename" button to change it.

So do that you will see the files' extension is renamed right now. Save the time very much!

Although it is a little utility, it will be very convenient for us to do "Bulk Rename file" .

2011年9月4日 星期日

Enable Firewall Service between windows 2003 AD and 2008 R2 AD

In general, we often install AD without firewall function on our corporation or lab environment. So do that it will be easy to build AD. Although we know it is not safety or strict on system setting, we always disable window firewall service for avoiding the redundant effort in any troubleshooting. As you know,it will have a little chance for Cracker if there is existing any open port on O.S. If there is extra security hole on O.S., maybe it will be good channel pass through this and let system or application function crash suddenly.

As the previous article "Samba 3 join Windows AD", I also do the same behavior for avoiding firewall limitation. So do that I will focus on the relationship between Samba and AD and it will be easy to troubleshoot for us. But I know, it is not exact action because I assume there is no existing any security on system.

Time is up to enable firewall function on Windows platform!
How to do it?
That is the AD function still be normal after enable firewall service between Windows 2003 AD and Windows 2008 R2 AD.

At first, the AD replication need to be concerned. The second is FRS function. The last is RPC for net logon or join Domain. Please follow the next process to realize how to change setting on AD!

Ø  Configure all Domain Controllers TCP port number for AD Replication to use a specific port
1.      Add the following registry value on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
§  If Windows 2003 Server

§  If Windows 2008 R2 Server

§  Set “TCP/IP Port” on Value name and “53211” (Decimal) on Value data

2.      Add the following setting on firewall
§  If Windows 2003 Server

Write down a firewall rule Name and “53211” Port number, next to click “OK” button

§  If Windows 2008 R2 Server

Select “Port” option next to click “Next > ”  button

Set “53211” value on Special local ports field next to click “Next >”  button

Click “Next > “ button

Click “Next > ” button

Write down a firewall rule Name and click “Finish” button



Ø  Configure all Domain Controllers TCP port number for FRS to use a specific port
1.       Add the following registry value on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters
§  Windows 2003 Server

§  Windows 2008 R2 Server

§  Set “RPC TCP/IP Port Assignment” on Value name and “53212” (Decimal) on Value data



2.       Add the following setting on firewall
§  If Windows 2003 Server

Write down a firewall rule Name “File Replication Service” and “53212” Port number, next to click “OK” button


§  If Windows 2008 R2 Server

Select “Port” option next to click “Next > ”  button

Set “53212” value on Special local ports field next to click “Next >”  button

Click “Next > “ button

Click “Next > ” button

Write down a firewall rule Name and click “Finish” button




Ø  Configure all Domain Controllers TCP port number for RPC to use a specific port
1.      Add the following registry Key “Internet” under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
§  If Windows 2003 Server

§  If Windows 2008 R2 Server

2.      Add the following registry value on
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet
§  Under the Internet key, add the values "Ports" (MULTI_SZ)

§  Set “Ports” on Value name and “5000-5100” on Value data

§  Under the Internet key, add the values "PortsInternetAvailable" (REG_SZ) and "UseInternetPorts" (REG_SZ)

§  Set “PortsInternetAvailable” on Value name and “Y” on Value data

§  Set “UseInternetPorts” on Value name and “Y” on Value data

3.      Add the following setting on firewall
§  If Windows 2003 Server

Create multiple ports from the command prompt by the following scripts

: Delete multiple ports by the following scripts

So do that you will see the ports is created for RPC range

§  If Windows 2008 R2 Server

Select “Port” option next to click “Next > ”  button

Set “5000-5100” value on Special local ports field next to click “Next >”  button

Click “Next > “ button

Click “Next > ” button

Write down a firewall rule Name and click “Finish” button

When the previous setting has already been finished and firewall service is enabled, the system need to be rebooted next to verify whether AD Replication, FRS and RPC for net logon also are normal. So you can run Dcdiag.exe on prompt command to confirm the function is not any problem.

If there is any error message on report, please double-check whether the setting is wrong or forget to change any parameter. Just only one solution ---- try and error by yourself!
Ø  Verify the state of  all Domain Controllers by Domain Controller Diagnostic tool (Dcdiag)

Open a text file to confirm whether exist “passed test” words if it success

Since 2010 Design by Davidwa
©Copyright Davidwa Inc. All rights reserved.