|
|
I'm considering installing a second NIC so that I can be connected to the web and a VPN at the same time.
If I were to open a browser, how does the system decide which network to use for the browser's communications?
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
hmm.. InternetOptions? 
|
|
|
|
|
Change the default gateway on each card. You can give each a separate static IP address as well. Go into the IPV4 properties of each adapter to accomplish this.
In the preferences of the VPN client. You should be able to choose which one to use. Or consider using the ROUTE ADD command with the address you to VPN too.
Something worth reading, albeit it's invincible!
|
|
|
|
|
My company just rolled out a beta win7x64 corporate image. I've been using it since Tuesday. I am getting errors that point me towards there being memory fragmentation at the system level.
In particular, the JVM won't run because it can't allocate object heap space and VirtualBox will fail loading a 1GB ram VM, when I have the following (rough) memory stats in resource monitor:
in use:1.9GB Modified: 100MB Standby: 3.1GB Free .9GB
The free memory creeps down until it's gone, the standby never reduces, and I get a error saying there is no memory and the VM kicks the bucket. I need help finding out what is fragging memory so I can convince my IT that it is a problem, and give them a clue where to look.
So, does anyone know any good tools for finding the cause?
Opacity, the new Transparency.
|
|
|
|
|
Try here[^] for the Win 7 SDK, as I think they included a memory testing utility in it.
Other option would be to try and use BootVis to see if a driver is not releasing from bootup or what not.
Try clearing the startup programs and opening Taskbar and seeing what's running for processes/services.
fyi...I've even seen svchost.exe' fill up on RAM from leftover Window's Updates.
Something worth reading, albeit it's invincible!
|
|
|
|
|
Thanks, I will give it a try.
Opacity, the new Transparency.
|
|
|
|
|
hi,
I got a problem with browser credential forwarder. In my network I have ISA server 2004 which configure to control internet access of client machine. The rule that I configure is allow all user to access internet. the only setting that I set is allow user must be authenticate. All of my user are logon using domain credential.
The problem occur because sometime user A could access to website but sometime could not. As I check with the ISA log, I found that the browser did not forward user credential by default. that is why my firewall ISA do not allow the traffic.
so, how could i changed any setting to allow the browser always send credential forwarder to my ISA server to avoid any problem of accessing the internet?
thank,
|
|
|
|
|
Make sure they have "Automatic logon with current username and password" is enabled. To find this open Internet Options, Security, Custom Level, Scroll down to the bottom, and there it shall be.
Another spot to check would be to change "automatically detect settings" in LAN connections in Internet Options. This has caused me grief in the past.
Something worth reading, albeit it's invincible!
|
|
|
|
|
So, I've got a system equipped with a card reader (that I can boot from), a solid-state drive, and 2 conventional hard drives. I want to install Ubuntu on it and have all of it (except the boot partition because it can't) be fully encrypted.
Just so there's no confusion here:
- Full disk encryption: the use of disk encryption software or hardware to ensure that every (or almost every) bit persisted in storage is encrypted and unreadable to unauthorized users. That means anything on the disk that can be covered by encryption will be covered by encryption.
- Linux newbie: Yes. That's me.
- The setup I'm trying to achieve: (Click to see the diagram. [^])
I've already done this successfully using Windows BitLocker on the same system (though I had to apply some blunt-force trauma to get it to do what I want, and it boots without prompting for a password). The same seems to take a bit more work under Ubuntu since the official installers won't perform full-disk encryption without forcing me to type the same passphrase for every partition that needs to be decrypted.
From what I've read elsewhere, I've got a general idea what I have to do (install normally, move directories, change mount points, modify fstab and cryptab), but nothing concrete.
My GUID: ca2262a7-0026-4830-a0b3-fe5d66c4eb1d
Now I can Google this value and find all my Code Project posts!
|
|
|
|
|
|
I've read the first two before posting, but the third one pretty much describes the same thing. The problem I have with the official installer's behavior is that it requires typing in a password for every single encrypted device even and doesn't give the option to use a single password to decrypt all of them—hence my desire to introduce a "key partition" in a removable medium to handle automatically decrypting them; I would only have to type in the password for the key partition achieving a convenient 2-factor authentication setup.
My GUID: ca2262a7-0026-4830-a0b3-fe5d66c4eb1d
Now I can Google this value and find all my Code Project posts!
|
|
|
|
|
There are systems (like MobileArmor/DataArmor, which I used previously) that encrypt under the OS. My company uses one by McAffee that is smart enough to log me into Win7 without a 2 password requirement, though Win7 handles login from locked system.
I'd google FIPS 140-2 and linux.
Here is an open source system that rides under linux[^]
I suspect there are others. FIPS 140-2 is one of the NIST certifications for encryption sw. It was the standard a DoD project I worked on used. Good luck.
Opacity, the new Transparency.
|
|
|
|
|
Lee, Gun-Woon,
Just to pitch in my two cents... You may not be able to achieve what you want with a solution other than TrueCrypt. The only reason I say that is because you made it very clear that you want...
Lee, Gun-Woon wrote: "...every (or almost every) bit persisted in storage is encrypted and unreadable to unauthorized users."
However, you very likely already know that there are elements on the disk that cannot be encrypted (ie: boot partition). There is one additional element that cannot be encrypted using any FDE software that boots from the same disk (or any that I am aware of) - the partition definitions (ie: start and stop LBAs).
The reason TrueCrypt is excellent in a situation like this is because it can create an altogether hidden operating system[^]. Their methods are rather tactful and if your situation requires security that can thwart others' attempts at getting to your data *even after you give them the pre-boot authentication password*, than this is what you want.
Now, about your BitLocker setup. The reason BitLocker isn't requesting a password for it's pre-boot authentication is because your motherboard has something called a Trusted Platform Module (TPM) installed on it. You probably already know that since you likely had to activate the thing before the encryption process could start. Anyway, the TPM holds the en/decryption keys to your encrypted partition. When the system boots, the system partition (Windows' 100MB boot partition) authenticates with the TPM, exchanges keys, and boots the encrypted partition by decrypting it on-the-fly. When the TPM is locked or the disk configuration changed, or the disk is booted on a different system, or any number of things - this will cause Windows to start the BitLocker bootloader in a recovery mode. You will be prompted for a password if and when this occurs.
I'm also new to Linux myself (I've been aspiring to the genius required to understand Unix's simplicity[<ahref="http: en.wikipedia.org="" wiki="" unix_philosophy"="" target="_blank" title="New Window">^] for some time now...). Anyway, I think you'll be hard pressed to find an Open Source Software (OSS) implementation of a FDE package that supports hardware en/decryption components. The only one I've seen that can use a TPM is TpmCrypt[^] (which, ironically, seems to have an invalid certificate for their website!).
Moving along to your specific desired setup - the partitioning scheme you have illustrated is possible with TrueCrypt. Now, there is the normal way of doing things - then there is tuning the system for every last drop of performance possible. Here's a quick exit - if you'll be installing the entire system to the SSD, don't bother with tuning the partitions. It won't gain you anything.
If you'll be using any portion of the ATA/SATA disks, then you'd do well to put the swap partition on the SSD. This is important with any non-hardware en/decryption solution because all of the data must be en/decrypted either in RAM or in swap space (even if the encryption software pushes all of the normal memory functions to swap and reserves the physical RAM for itself, you'll still want to make sure that your swap disk is fast enough to keep up). Anyway, I'll let you figure out the rest of the partitioning.
Let me know what you end up doing, I'm interested to find out what route you take!! I just recently made the switch to Linux on my personal computer and am currently trying to get my way through some of the rough spots associated with the switch. Three main areas that are giving me nightmares are GRUB, RAID, and FDE.
|
|
|
|
|
I actually have TrueCrypt working on my other Ubuntu installations, but they just protect the files and not the entire system[^]. It's one reason TrueCrypt isn't an option.
For my Windows BitLocker setup, I built the entire system myself. I couldn't find any motherboard with a TPM, so I had to make a few group policy changes as an administrator to force BitLocker to work without it. Using the command line tools for managing BitLocker, I made it deposit the boot key in the 100MiB system partition; since the system partition resides on a removable medium there's nothing an attacker can tamper with on the hard drives but pure "random" bits.
As for the setup I'm trying to achieve, Linux's dm-crypt is pretty much the only free and flexible solution that I know of that allows for it. In fact, I've gotten as far as make it work like in the diagram[^] (2-factor authentication and all) except it asks for the password 4 times (once for each partition). It's quite annoying and an issue that I'm willing to investigate how to eliminate in an otherwise perfect setup.
My GUID: ca2262a7-0026-4830-a0b3-fe5d66c4eb1d
Now I can Google this value and find all my Code Project posts!
|
|
|
|
|
|
Why must you "do away" with "My Documents?"
Why don't you simply not store anything there?
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
I'd use "Map Network Drive" rather than UNC; and set sharing options.
|
|
|
|
|
As I recall in XP you can right click on 'My documents', go to properties and move where it lives.
I'm not sure if that's what you need but that might help you.
I don't know if the others have the same method.
Why are you running any windows before xp? And why Vista at all?
I'm curious, I can imagine a few reasons but they have to do with specialized hardware/software.
_____________________________
Give a man a mug, he drinks for a day. Teach a man to mug...
The difference between an ostrich and the average voter is where they stick their heads.
|
|
|
|
|
Hi, Thanks
A Very Helpfull Hint. I will work on that to start cleaning up my own shop.
smcnulty2000 wrote: Why are you running any windows before xp? And why Vista at all?
I'm
curious, I can imagine a few reasons but they have to do with specialized
hardware/software.
Well, I developed a package to run Laundrettes and Drycleaners. The Latest Upgrade will run on Win98. It runs more reliable on Win XP. However, that's no longer for sale. We offer Win XP Computers for sale, but they are recycled. The day of having those available will run to an end Some Day.
In the near future, we will have to start recycling Vista Computers.
There are only a few of our customers that have more than One terminal. The main support concern has actually nothing to do with us, but, they are still our customers, and we try to help.
Everybody on Every Terminal is signed on as Administrator. (Do not lecture me on how bad an Idea that is, I've written several GigaByte of messages on this forum about why this is required, and Very Safe in the Environment used.)
It works all very fine for our own software, but, when a User saves say a Letter from MSWord under My Documents\Letters\Company, it is Everybody's guess where it is being Stored.
The bottom line is, we need a Single 'My Documents' Folder, which always points to a Single Folder on One Single Computer.
Regards,
Bram van Kampen
|
|
|
|
|
I believe they call that a network share...
As someone stated above, map a drive on each PC...you can edit the default location of the My Documents in Regedit as well.
Something worth reading, albeit it's invincible!
|
|
|
|
|
Not sure if this is the correct forum but didn't know where else to put it.
I have a few (actually a lot) of clients still on XP SP3 using various versions of Internet Explorer. They download files from a particular Web site where the files have non-standard file extensions like .2345 or .522AB. On a couple of systems the Save Type As defaults to Text and then appends a .TXT extension to the file. I need the files to have the original extensions.
I've tried adding the extensions to Registered File Types and I've looked everywhere for a default download file type, but can't find anything. Also searched the Web (honest) but am stumped and it's driving me crazy.
It’s not because things are difficult that we do not dare, it’s because we do not dare that things are difficult. ~Seneca
|
|
|
|
|
[Probably lives in web dev forum, but I'll answer here.]
If you have control/influence over the server, check and adjust the Content-type and Content-Disposition HTML meta headers. If the browser they use has a single brain cell left, you should be able to tell it (a) that the file is plain text and (b) [edit] where (i.e. the filename) [/edit] to save it by default.
hth
Peter
[edit] clarified use of disposition as marked. [/edit]
Software rusts. Simon Stephenson, ca 1994.
modified 15-Dec-11 19:06pm.
|
|
|
|
|
Thanks for the reponse but this isn't a programming question. What I can't figure out is how IE should be configured so that there is no default file type when downloading files for extensions it doesn't recognize.
It is an absolute certainty that there are no certainties. ~ Christopher Hitchens 1949-2011
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
