Archive for October, 2009

Disable Complex Password Security

Windows Server 2003 provides security policies that ensure that all users select strong passwords. Creating a password policy involves setting the following options in the Default Domain Group Policy object. These policies, with the exception of those settings related to password lifetime, are enforced on all users in a domain.

The default password filter (Passfilt.dll) included with Windows Server 2003 requires that a password:

  • Is not based on the user’s account name.
  • Contains at least six characters.
  • Contains characters from three of the following four categories:
    • Uppercase alphabet characters (A–Z)
    • Lowercase alphabet characters (a–z)
    • Arabic numerals (0–9)
    • Nonalphanumeric characters (for example, !$#,%)

As stated above, this policy is enabled by default.

On some occasions, such as testing, lab-building, classes and so on, you might want to disable this built-in requirement.

Security Warning: Bear in mind that this setting can only be enabled/disabled at the domain level, and NOT on an OU level. Disabling the password requirement for an entire domain will lower your security configuration, and should only be done when absolutely necessary.

In order to disable this requirement you need to edit the Default Domain Policy for your domain.
Go to Administrative tools folder.
Double-click on the Default Domain Security Policy icon.
Note: If for any reason you don't see that icon, you can still edit the Default Domain Group Policy from the AD Users and Computers snap-in, or from a GPMC window (if you have GPMC installed – Download GPMC).
Navigate to Security Settings > Account Policies > Password Policy.
Right-click on the Minimum Password Length option in the right pane and select Properties.

Keep the V on the Define Setting selected! Do not remove the V from that check-box. Removing the V will cause the GPO to revert to the default setting, which is what we are trying to remove in the first place.
Enter 0 (zero) for the number of minimum characters required in a password.

Now double-click on the Passwords Must Meet Complexity Requirements option in the right pane.

Again, do not remove the V from that check-box. Instead, select Disabled.

Click OK all the way out and close the GPO window.

In order to refresh the policy, type the following command in a CMD window and press ENTER:

gpupdate /force

Done.
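To confirm what the policy now enforces (for example, before a lab image is reused anywhere else), export the settings with `secedit /export /areas SECURITYPOLICY /cfg <file>` and check the two values changed above. This is an added example, not part of the original post; the sample export is constructed, and the length baseline of 6 is an assumption taken from the Passfilt.dll rule quoted earlier.

```python
# Constructed sample of a secedit security-policy export that reflects the
# lab settings from the steps above. Real exports are typically UTF-16,
# so read them with open(path, encoding="utf-16").
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 24
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Assumed baseline: the six-character minimum from the Passfilt.dll rules.
BASELINE_MIN_LENGTH = 6


def parse_system_access(export_text):
    """Collect key/value pairs from the [System Access] section only."""
    values, section = {}, None
    for raw in export_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "System Access" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip()
    return values


def audit_password_policy(export_text):
    """Return findings for missing or weakened password settings."""
    values = parse_system_access(export_text)
    findings = []
    for key in ("PasswordComplexity", "MinimumPasswordLength"):
        if key not in values:
            findings.append(f"{key}: not defined in export")
    if values.get("PasswordComplexity") == "0":
        findings.append("PasswordComplexity: disabled")
    length = values.get("MinimumPasswordLength")
    if length is not None and length.isdigit() and int(length) < BASELINE_MIN_LENGTH:
        findings.append(f"MinimumPasswordLength: {length} (< {BASELINE_MIN_LENGTH})")
    return findings


if __name__ == "__main__":
    for finding in audit_password_policy(SAMPLE_EXPORT):
        print("FINDING", finding)
```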


Delete Print Queue in Windows Batch Script

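@echo off
rem Stop the Print Spooler so the queued job files are no longer locked
net stop spooler
echo Deleting All Print Queue
rem Remove every spooled job file; the path is quoted in case it contains spaces
del /F /Q "%SYSTEMROOT%\system32\spool\PRINTERS\*.*"
rem Restart the Print Spooler
net start spooler
pause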


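Hidden Dragon, Do Not Act

From the I Ching, hexagram Qian, nine at the beginning: "Hidden dragon. Do not act."

The Image (Xiang) says: "Hidden dragon, do not act: the yang is below." This means that when a man's position is too low, he should conceal his strength and not be too arrogant.

The Master said: "This is one who has the virtue of a dragon and remains hidden. He does not change with the world and does not make a name for himself; he withdraws from the world without distress, and is not distressed when he is not approved of. What pleases him he carries out; what troubles him he avoids. Truly he cannot be uprooted: this is the hidden dragon." This means that people of lofty cultivation are generally rather reclusive. They do not change because external things change, do not pursue fame and fortune, and are not troubled by the turmoil of the world or by questions of right and wrong; what pleases them they do, and what worries them they avoid. They make sure to keep an independent cultivation of their own, unaffected by any era or environment. This is the hidden dragon.

In summary, a person who has talent but cannot yet put it to use during the period of lying low must hold firm to his convictions, endure and wait for the opportunity, and not act rashly; while the time has not yet come, like a dragon hidden in the deep, he should hide his edge, keep to simplicity, and wait for the moment to move.
When one's own strength is insufficient and the time has not yet come, one should study hard and strengthen all kinds of skills, rather than showing one's face everywhere and advertising oneself.
Do not be arrogant on account of your talent; be restrained, otherwise you are easily stifled. In the hidden-dragon state, one should draw up a life plan and set out the steps of development for the next five and ten years.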

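Dragon Appearing in the Field

From the I Ching, hexagram Qian, nine in the second place: "Dragon appearing in the field. It is favorable to see the great man."

The Image says: "'Dragon appearing in the field': virtue is spread widely." This means that the dragon has left its hidden state and appeared on the surface of the fields, showing its horns and revealing its edge for the first time, which favors gaining the appreciation of a great man in a high position. The Lesser Image (Xiao Xiang) explains that nine in the second place is "dragon appearing in the field" because this dragon has accomplished something, has widely exercised its own firm yang virtue, has gained the recognition of the world, and has produced a broad effect.

The Master said: "This is one who has the virtue of a dragon and is correct and central. He is trustworthy in ordinary speech and careful in ordinary conduct; he guards against what is false and preserves his sincerity, he improves the world without boasting of it, and his virtue is broad and transforms others. The Changes says: 'Dragon appearing in the field. It is favorable to see the great man.' This is the virtue of a ruler." This means a superior man of talent, virtue and learning whose conduct keeps to the fitting middle way. He keeps his word in everyday speech and is rigorous in everyday affairs, he discards what is false and keeps his sincerity, he contributes to society without boasting, and his virtue is broad and deep enough to move people's hearts. The I Ching says: dragon appearing in the field, it is favorable to see the great man. That is, he has the virtue and cultivation of a leader.

In summary, a person with great ambitions has already begun to stand out, but to accomplish things, and great things, he must still learn from people of power and knowledge; only then will it favor his own development.
One must establish virtue and spread it to the masses, so that the whole world is educated by it and takes on an air of civilization.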

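The Superior Man Is Diligent All Day Long

From the I Ching, hexagram Qian, nine in the third place: "The superior man is diligent all day long, and in the evening is still vigilant as if in danger. No blame."

The Image says: "'Diligent all day long': going back and forth along the Way." This means that one must be diligent and conscientious all day long, alert at all times, must offend neither those above nor those below, and must examine, temper and strengthen oneself; only then can one be without blame (fault).

The Master said: "The superior man advances in virtue and cultivates his work. Loyalty and good faith are how he advances in virtue; attending to his words and establishing his sincerity are how he secures his work. Knowing what is to be reached and reaching it, one can discuss the subtle beginnings of things with him. Knowing what is to be completed and completing it, one can preserve righteousness with him. Therefore he occupies a high position without pride and a low position without worry; so he is diligent and, as the time requires, vigilant, and though in danger he is without blame." This means advancing in morality and building achievements: by holding to honest reasoning, virtue advances of itself; in writing one must express one's true intent and not produce empty, ornamental prose, and then one's achievements are kept. One who knows (the degree of advancing in virtue) and attains it can be told about the subtle distinction between sincerity and falseness. One who knows the result (of cultivating his work) and finally attains it can preserve what is fitting. Therefore he is in a high position without pride and in a low position without gloom, so he keeps moving forward and stays alert at all times, and although his situation is dangerous he comes to no harm.

In summary, this means one should choose actively. Retreat when it is time to retreat and leap when it is time to leap; one can go up or down. When leaping, leap up to the position of nine in the fifth place; when retreating, retreat to the abyss of the masses; only then is there no blame.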

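Perhaps Leaping in the Abyss

From the I Ching, hexagram Qian, nine in the fourth place: "Perhaps leaping in the abyss. No blame."

The Image says: "'Perhaps leaping in the abyss': advancing brings no blame." This means that one has already broken free of the abyss and this is the best moment, from which one can go up or down, so leaping further forward will cause no problem at all.

The Master said: "Rising and falling have no constancy, and this is not because of wrongdoing. Advancing and retreating have no permanence, and this is not leaving one's fellows. The superior man advances in virtue and cultivates his work, wishing to be in time. Therefore there is no blame." This means that in a lifetime it is common to be at the peak and to be in the valley, and this is not caused by anything evil; times of good fortune and times of adversity both occur, and this does not mean you are different from other people. The superior man should put effort into virtue and work, make up for his shortcomings, and do so promptly; then there will be no great problem.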

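Flying Dragon in the Heavens

From the I Ching, hexagram Qian, nine in the fifth place: "Flying dragon in the heavens. It is favorable to see the great man."

The Image says: "'Flying dragon in the heavens': the great man is at work." This means flying high in the sky, occupying a high position and accomplishing a great deal.

The Master said: "Like tones respond to each other, like energies seek each other; water flows to what is wet, fire goes to what is dry, clouds follow the dragon, wind follows the tiger; the sage arises and all things look to him; what is rooted in heaven draws close to what is above, what is rooted in earth draws close to what is below, and so each follows its own kind." This means that things of the same kind respond to one another. It refers to people of like interests and opinions responding to each other and coming together naturally. Water flows to low, damp places, and fire burns toward dry places. Clouds follow the dragon, and wind follows the tiger. The actions of the sage cause all things to respond naturally, so that true feeling is revealed. What is rooted in heaven develops upward, and what is rooted in earth takes root downward; this is the natural law by which all things gather according to their kind.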

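The Arrogant Dragon Has Regrets

From the I Ching, hexagram Qian, nine at the top: "Arrogant dragon. There is regret."

The Image says: "'The arrogant dragon has regrets': what is full cannot last long." This means the summit of one's highest achievement, yet in all things one must know when to advance and when to withdraw. Having reached the summit, things may turn into their opposite, so one should be careful and cautious in everything.

The Master said: "Noble yet without position, high yet without people. Worthy men are in lower positions and give no support, so any movement brings regret." This means being honored without holding a real position, standing high above without winning the people's hearts, and having worthy people below who do not come to assist; so the slightest action gives rise to regret.
Confucius also said: "'The arrogant dragon has regrets': this is the calamity of reaching the limit."; "'The arrogant dragon has regrets': it reaches its extreme together with the time."; "The word 'arrogant' means knowing how to advance but not how to retreat, knowing survival but not ruin, knowing gain but not loss. Is it only the sage? One who knows advance and retreat, survival and ruin, without losing what is correct: is it only the sage!" This means regretting a fault after flying to an extremely high place; development has reached its end and there is no more room to develop, the final stage has arrived, like an animal nearing death or a plant nearing withering; the time of flourishing has passed and regret is hard to avoid. "Arrogant" means knowing only how to go forward and not how to step back, understanding only existence and not extinction, understanding only having and not losing. Probably only the sage understands advance and retreat, survival and ruin, without losing what is fitting and proper. And probably only the sage (can understand this, put it into practice, and remain proper and fitting)!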

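A Flight of Dragons Without a Leader

From the I Ching, hexagram Qian, the use of nines: "There appears a flight of dragons without a head. Good fortune."
This means that having yang energy is good in itself, but if it is too forceful, things turn into their opposite at the extreme and the result is not good. So it is best to remain among the flight of dragons, know humility, and not be the leader; that is the auspicious sign.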


Allow .exe Files to Be Downloaded in IIS

Generally, IIS will take one of three actions given a URL (such as http://server/downloads/app.exe):
1. Treat app.exe as a file resource and allow the static file handler to download it
2. Treat app.exe as a script resource, which means the resource is given to a Script Engine (defined by the Application mapping for the extension), which does some processing on the resource to generate content to return to the client
3. Treat app.exe as an executable resource on the server and execute it on the server to generate content to return to the client

These three actions directly correlate to the setting of the “Execute Permissions” on the URL.

You want users to be able to click the link to SAVE the target file, which means that you want to configure IIS to treat app.exe like #1. The virtual directory MUST therefore have "Execute Permissions" set to "None" or "Scripts" in order to allow .exe to be downloadable. This is how the Execute Permissions setting maps to my description above:
Execute Permission: None == #1
Execute Permission: Scripts == #2
Execute Permission: Scripts and Executables == #3

You can actually diagnose your problem by simply looking at the IIS web log files. The access to the .exe file probably has 404 2 1260, while the access to the .bat file probably has 404 3 50. Those are the classic security-denied reasons.

So, how I would describe your situation is:
1. Regarding the inability to download .exe files: do not set the Execute Permissions on the virtual directory to "Scripts and Executables", which causes IIS to try to execute the .exe on the server
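The log check described above can be automated. The following added example (not part of the original post) reads W3C extended log text, uses the `#Fields:` header to locate the sc-status, sc-substatus and sc-win32-status columns, and reports the 404.2 and 404.3 denials; the sample log lines and the function name are constructed for illustration.

```python
# Constructed W3C extended log lines in IIS 6 style; not from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem sc-status sc-substatus sc-win32-status
2009-10-12 08:15:01 GET /downloads/app.exe 404 2 1260
2009-10-12 08:15:09 GET /downloads/setup.bat 404 3 50
2009-10-12 08:15:20 GET /downloads/readme.txt 200 0 0
"""

# IIS descriptions of the two substatus codes named in the post.
DENIALS = {
    ("404", "2"): "Lockdown policy prevents this request",
    ("404", "3"): "MIME map policy prevents this request",
}


def find_policy_denials(log_text):
    """Return (uri, status.substatus, win32 status, reason) per denied request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The field list can change mid-file, so re-read it every time.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # skip truncated or malformed entries
        row = dict(zip(fields, parts))
        key = (row.get("sc-status"), row.get("sc-substatus"))
        if key in DENIALS:
            hits.append((
                row.get("cs-uri-stem"),
                f"{key[0]}.{key[1]}",
                row.get("sc-win32-status"),
                DENIALS[key],
            ))
    return hits


if __name__ == "__main__":
    for uri, status, win32, reason in find_policy_denials(SAMPLE_LOG):
        print(f"{uri}: {status} (win32 {win32}) {reason}")
```

A 404.2 on an .exe request indicates IIS tried to run the file on the server rather than serve it, which points back at the Execute Permissions setting.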
