krypted.com

Tiny Deathstars of Foulness

IIS Express is a simple web server that can run on Windows with a couple of easy features for developers of Windows applications. This includes things like, webhooks, a modern way of accepting POST requests and responding to them. Each IIS Express site is managed on a user basis, as it’s written as a tool to assist with development.

Many web applications will attempt to communicate with one another via a specific port. And when you’re using IIS Express, you’ll need to create a socket binding to that port and allow external users to connect (again, by default, IIS Express is configured for developers to test code on their own machines). To do so, open the IIS Express config file at %userprofile%\documents\iisexpress\config\applicationhost.config (note that the userprofile is here as it’s again, per user). By default, bindings will restrict to localhost as you can see below:

<binding protocol="http" bindingInformation="*:8443:localhost" />

Copy this line and paste it below the first instance, replacing the localhost with * (make sure to leave the first line or your dev tools can’t connect to the server):

<binding protocol="http" bindingInformation="*:8443:*" />

Again, make sure to leave the first binding in place. Then restart the server and you’re good.

January 28th, 2017

Posted In: Windows Server

Tags: , , , , ,

Here ya’ go!

netsh advfirewall firewall add rule name=”KryptedWebhook” dir=in protocol=tcp localport=8443 profile=private remoteip=any action=allow

Wait, what’s that?!?! Let’s break down the options I used here:

  • advfirewall: Yup, it’s the new firewall.
  • firewall: Yup, it’s a firewall.
  • add: I’m adding a new rule. I also could have used delete along with the rule name and removed one. Or show to see one. Or set to augment one.
  • rule: It’s all about rules. Each rule allows for a port and/or an action.
  • name: Every rule needs a unique name. Namespace conflicts will result in errors. If programmatically creating rules, I’ve found it undesirable to use a counter and instead moved to using GUIDs and a hash table.
  • dir: The direction traffic is flowing. In is for incoming traffic or out would be to block outgoing traffic.
  • protocol: Use the protocol, typically tcp or ump, but if pings, might be one of the icmps.
  • localport: The port that is being used (there’s also a remoteport operator for reflections).
  • profile: I mostly use profile of private.
  • remoteip: Set to any but could be set to a given IP for increased security (yes, I know people can spoof these – so your version of the word might be different.
  • action: I used allow, but could have been block (which denies traffic) or bypass.

For further security, I might add a security operator, to allow for an authentication string. You can

You might also need to allow traffic for a given app. To do so, let’s add a rule that does so, the only option for which not mentioned above is program, which is the path to the binary we’re allowing:

netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\kryptedscripts\kryptedcompiledwebapp.exe" enable=yes

To then see the rules and validate that your rules were indeed installed, use:

netsh advfirewall firewall show rule name=all

The reason I call this quick and dirty is that I’m really only covering a small subset of options. Additionally, it would be a bit more modern to do this via powershell using New-NetFirewallRule or one of the many, many other commandlets, such as Copy-NetFirewallRule, Enable-NetFirewallRule, Disable-NetFirewallRule, Get-NetFirewallAddressFilter, Get-NetFirewallApplicationFilter, Get-NetFirewallInterfaceFilter, Get-NetFirewallInterfaceTypeFilter, Get-NetFirewallPortFilter, Get-NetFirewallRule, Get-NetFirewallSecurityFilter, New-NetFirewallRule, Open-NetGPO (cause you can configure the firewall through a GPO), Remove-NetFirewallRule, Rename-NetFirewallRule, Save-NetGPO, Set-NetFirewallRule, Set-NetFirewallSetting, and Show-NetFirewallRule.

January 27th, 2017

Posted In: Windows Server, Windows XP

Tags: , ,

A number of environments need to disable the Notification Center and Action Center features in Windows 10. This can be done using the registry editor or using a Group Policy Object (GPO).

First let’s look at doing so with the registry. As with any mucking around with the registry, when editing, I strongly recommend backing up the registry and/or creating a restore point first. Once done, click Run, enter regedit and hit Enter to open the Registry Editor.

Next, right-click on the HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer registry key and create a new DWORD (32-bit) key. Call the key DisableNotificationCenter and provide the number 1 as the value. Then quit the Registry Editor and restart. Notification Center and Action Center should then be disabled. Simply delete that key and reboot in order to go back.

If the Group Policy Editor is available, click Run and enter gpedit.msc. Then open the User Configuration, navigate to Administrative Templates, click on Start Menu and then choose Taskbar. Open Remove Notifications and Action Center, and move the Enabled option to Disable (if disabling of course). You can then run gpupdate or reboot to see the change.

January 2nd, 2017

Posted In: Windows Server, Windows XP

Tags: , ,

I’ve now installed Windows Server 2012 without a GUI a number of times. And I always seem to end up needing that GUI eventually. So, to get Windows as a feature in Windows Server, use the following command to fire up a powershell environment, entering the admin password when prompted:

runas /user:administrator powershell.exe

Then let’s install all the Windows Features with the word GUI in them:

Get-WindowsFeature -Name *gui* | Install-WindowsFeature -Restart

The server will then reboot and you’ll be looking at a login window. To remove, you can just enter the following:

Get-WindowsFeature -Name *gui* | Remove-WindowsFeature -Restart

May 8th, 2016

Posted In: Windows Server

Tags: , , , ,

May 4th, 2016

Posted In: Active Directory, Windows Server

Tags: ,

One of the easiest things to do in OS X is to remotely run an installation package using the installer command. You can do some similar tasks in Windows, although the commands aren’t quite as cut and dry. The Start-Process command can be used to kick off an executable. Here, we will kick off the msiexec.exe and feed it an argument, which is the msi file to install silently. We’ll then wait for it to complete:

{Start-Process -FilePath "msiexec.exe" -ArgumentList "/i TEST.msi /qb" -Wait -Passthru}

August 19th, 2015

Posted In: Windows Server, Windows XP

Tags: , , , , ,

Hyperion Enterprise is still a 32-bit app. So to get it to run in IIS, you’ll need to make sure that 32 bit apps can run in those containers. To enable 32-bit apps in IIS, run the following command (assuming that IIS is installed in the default location and that your Windows directory is C:\Windows:

C:\Windows\system32\inetsrv\appcmd set config - section:applicationPools - applicationPoolDefaults.enable32BitAppOnWin64:true

If you need to undo this for any reason, simply run the following from a Windows command prompt:

C:\Windows\system32\inetsrv\appcmd set config - section:applicationPools - applicationPoolDefaults.enable32BitAppOnWin64:true

Note: You’ll obviously need to be an admin (or elevate your privileges) to run these commands.

March 12th, 2015

Posted In: Windows Server

Tags: ,

In Windows 10, Microsoft has finally baked a package manager called OneGet into Windows. It works similarly to apt-get and other package managers that have been around for decades in the Linux world; just works in PowerShell, rather than bash. So let’s take a quick peak. First, import it as a module from a PowerShell prompt:

Import-Module -Name OneGet

Next, use Get-Command to see the options for the OneGet Module:

Get-Command -Module OneGet

This will show you the following options:

Find-Package
Get-Package
Get-PackageProvider
Get-PackageSource
Install-Package
Register-PackageSource
Save-Package
Set-PackageSource
Uninstall-Package
Unregister-PackageSource

Next, look at the repositories of package sources you have:

Get-PackageSource

You can then add a repo to look at, using Register-PackageSource. Or, we’ll just fire away at locating our first package, Acrobat:

Find-Package -Name AdobeReader

Or you could pipe that output to the Install-Package option:

Find-Package -Name AdobeReader | Install-Package

Or Firefox, verbosely:

Install-Package -Name Firefox -Verbose

Or ASP.NET MVC silently (using -Force):

Install-Package Microsoft.AspNet.Mvc -Force

In some cases, you can also use the -Version option to define a specific version, which is why I ended up writing this in the first place – swapping between versions of asp has been a bit of a pain since the introduction of its first update, it seems…
PowerShell logo

February 26th, 2015

Posted In: Windows Server, Windows XP

Tags: , , , , , , , , , , , , , ,

Next Page »