Windows Firewall Settings


Microsoft has a page entitled Windows Firewall Settings that enumerates the firewall exceptions needed for each Microsoft component, service, server role and remote administration console to function properly once the Windows Firewall is turned on.

Some of the more useful items on this page:

"Windows Firewall: DHCP server
Updated: March 2, 2005

Add UDP ports 67 and 2535 to the Windows Firewall exceptions list on the DHCP server."

"Windows Firewall: DNS server
Updated: March 2, 2005

Add UDP port 53 and TCP ports 53, 139, and 445 to the Windows Firewall exceptions list."
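The two exception lists quoted above, expressed as firewall rules. This is an added example, not code from the Microsoft page: it assumes the New-NetFirewallRule cmdlets (Windows 8 / Server 2012 and later, so newer than the Windows Firewall the 2005 page describes), an elevated session, and rule names of my own choosing. The caveat a practitioner wants is that TCP 139 and 445 on a DNS server are there for remote management, not name resolution, so the function lets you scope those to an administrative subnet rather than opening them to everyone.

```powershell
# Added example: create the Windows Firewall exceptions Microsoft lists for a
# DHCP server and a DNS server, then show what was actually opened.
# Assumes Windows 8 / Server 2012+ (NetSecurity module) and an elevated shell.

# Port list taken from the quoted Microsoft text. Rule names are my own.
$RoleRules = @(
    @{ Role = 'DHCP'; Name = 'DHCP Server (UDP 67, 2535)';    Protocol = 'UDP'; Ports = 67, 2535;   Mgmt = $false },
    @{ Role = 'DNS';  Name = 'DNS Server (UDP 53)';           Protocol = 'UDP'; Ports = 53;         Mgmt = $false },
    @{ Role = 'DNS';  Name = 'DNS Server (TCP 53)';           Protocol = 'TCP'; Ports = 53;         Mgmt = $false },
    # 139/445 serve the DNS console's SMB/RPC management traffic, not queries.
    @{ Role = 'DNS';  Name = 'DNS Server management (TCP 139, 445)'; Protocol = 'TCP'; Ports = 139, 445; Mgmt = $true }
)

function Add-RoleFirewallRules {
    param(
        [Parameter(Mandatory)][ValidateSet('DHCP', 'DNS')][string]$Role,
        # Only the domain profile by default; the 2005 "exceptions list" applied everywhere.
        [string[]]$Profile = @('Domain'),
        # Restrict management ports (139/445) to an admin subnet, e.g. '10.0.5.0/24'.
        [string[]]$ManagementFrom = @('Any')
    )
    foreach ($r in $RoleRules | Where-Object { $_.Role -eq $Role }) {
        if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
            Write-Verbose "Rule '$($r.Name)' already exists, skipping"
            continue
        }
        $remote = if ($r.Mgmt) { $ManagementFrom } else { @('Any') }
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
            -Protocol $r.Protocol -LocalPort $r.Ports -RemoteAddress $remote `
            -Profile $Profile | Out-Null
        Write-Host ("Added {0} ({1} {2} from {3})" -f $r.Name, $r.Protocol, ($r.Ports -join ','), ($remote -join ','))
    }
}

function Show-RoleFirewallRules {
    # Cross-check: what do the rules we created actually open?
    param([Parameter(Mandatory)][ValidateSet('DHCP', 'DNS')][string]$Role)
    foreach ($r in $RoleRules | Where-Object { $_.Role -eq $Role }) {
        $rule = Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue
        if (-not $rule) { Write-Warning "Missing rule: $($r.Name)"; continue }
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule       = $rule.DisplayName
            Enabled    = $rule.Enabled
            Protocol   = $port.Protocol
            LocalPort  = ($port.LocalPort -join ',')
            RemoteAddr = ($addr.RemoteAddress -join ',')
            Profile    = $rule.Profile
        }
    }
}

# Usage on a DNS server, letting only the admin subnet reach 139/445:
# Add-RoleFirewallRules -Role DNS -ManagementFrom '10.0.5.0/24' -Verbose
# Show-RoleFirewallRules -Role DNS | Format-Table -AutoSize
```

Show-RoleFirewallRules is the check worth running after any firewall change: it reads the port and address filters back from the rule objects rather than trusting that the call did what you meant.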

This is a must for your bookmarks if you are a Windows administrator. I wish I had come across this page a year ago (which was prior to its publishing) when I spent a couple of days trying to make the Windows Firewall work on an Active Directory domain controller without impeding DC services. I would have known:

"Windows Firewall: Domain controller

Just need QuickTime? iTunes doesn't belong on your PC?


Apple has made it damn-near impossible to navigate to the QuickTime-only installer, pushing hard on distributing iTunes to every person who just needs QuickTime. After much hair-pulling I came across this chap's rant, venting from a similar headspace. He has thankfully linked to Apple's QuickTime-only download page. He of course also references QuickTime Alternative, if you're into that sort of thing.

I especially appreciate this tip he's provided for a long-standing annoyance:

Killing Qttask.exe: QuickTime by default installs the Qttask.exe startup application that is effectively useless. Removing it from starting up with Windows by using Msconfig will only last until the next time you use the QuickTime Player. It will then magically reinstall itself. You can stop this from happening permanently by renaming qttask.exe in the C:\Program Files\QuickTime\ folder to qttask.old.

5 Active Directory migration mistakes you don't want to make


I was asked today to make a quick list of 5 commonly overlooked mistakes made during Active Directory migration, so here are a few things off the top of my head:

  1. Overlooking service accounts and accounts that cannot be transferred. By "service accounts" I mean services, applications, scripts, scheduled tasks, etc. that log on or authenticate as a user account instead of as Local System. For example, the built-in Administrator account cannot be migrated. If services and applications are logging on as Administrator, beware. ;)

  2. Forgetting to set the primary DNS server to 127.0.0.1 when building out the first domain controller and performing the dcpromo. It's also not a bad idea to install the DNS service prior to running dcpromo. During the dcpromo process a large number of special DNS entries (SRV records) are created in the Active Directory-integrated DNS. If you've examined the DNS database of an AD-integrated DNS server before, you'll recognize these special entries as the ones whose names begin with an underscore ("_ldap._tcp", "_kerberos._tcp" and so on). In order for the entries to be inserted, the system being promoted does a DNS lookup to locate the AD-integrated server for the new domain you are creating. If your system is pointing at a DNS server that knows nothing about the Active Directory you are creating (e.g. your ISP's DNS servers), no AD-integrated DNS server will be found and dcpromo fails to insert these entries into the AD-integrated DNS.

    The good part is that dcpromo doesn't bother to tell you about this horrible problem and appears to complete successfully. Things even work, for the most part, in the newly created Active Directory. And then weird, inexplicable things begin failing and you spend hours pulling your hair out trying to figure out why... =)

  3. Pointing domain members at the wrong DNS servers. All systems participating in the Active Directory need to be pointing to Active Directory-integrated DNS servers, and the domain controller holding the PDC Emulator role should be the primary DNS server. Unless you really, really know what you're doing and feel comfortable replicating the special AD-integrated DNS records on other non-AD-integrated DNS servers, you should point all systems in your domain to the PDC Emulator as the primary DNS server. The PDC Emulator is the most important box in an Active Directory and provides much magic behind the scenes for AD to work.

    Remember this if you remember nothing else: for any problem you experience in Active Directory, the first culprit you should assume is DNS. DNS is the number one cause of AD failures. (Permissions would be a very close second.)

  4. Failing to make certain that all of your software and hardware is Active Directory / Windows 2000 / Windows 2003 compatible. Don't underestimate this one. Network appliances that authenticate to NT domains are often not capable of authenticating to AD domains. Firmware upgrades may be necessary if you're lucky; hardware upgrades may be necessary otherwise. Software applications often face similar challenges. The biggest software culprits are usually the industry-specialized applications that are less mainstream and more often critical to the life of the business. Definitely suspect any custom in-house applications or scripts.

  5. Repurposing the prior domain's server hardware prematurely. Don't jump the gun. Turn your old systems off but don't format those hard drives until you're absolutely certain you won't ever need them. This is especially true if you are also performing an Exchange migration. I recommend keeping the hardware standing by, turned off, for at least a couple of months before wiping the drives.

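Two of the checks above can be scripted rather than done by eye: an inventory of services and scheduled tasks that log on as a named account (mistake 1), and a lookup of the underscore SRV records that dcpromo is supposed to register (mistakes 2 and 3). The following is an added example, not part of the original post; it assumes the Win32_Service CIM class, the ScheduledTasks and DnsClient modules (Windows 8 / Server 2012 and later), and the domain name is whatever you pass in. The SRV record names are the standard ones a domain controller registers; the function names are mine.

```powershell
# Added example: pre-migration audit helpers.
# Assumes Windows 8 / Server 2012+ (Get-ScheduledTask, Resolve-DnsName available).

function Get-NamedAccountLogons {
    # Mistake 1: anything that runs as a real user account rather than Local System,
    # Local Service or Network Service will break when that account does not migrate.
    $builtinServiceAccounts = @(
        'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService',
        'NT AUTHORITY\SYSTEM'
    )
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartName -and ($builtinServiceAccounts -notcontains $_.StartName) } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'Service'; Name = $_.Name; Account = $_.StartName; State = $_.State }
        }

    # Task principals use short names: SYSTEM, LOCAL SERVICE, NETWORK SERVICE, or DOMAIN\user.
    $tasks = Get-ScheduledTask |
        Where-Object {
            $_.Principal.UserId -and
            $_.Principal.UserId -notmatch '^(SYSTEM|LOCAL SERVICE|NETWORK SERVICE|S-1-5-(18|19|20))$'
        } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'Task'; Name = $_.TaskName; Account = $_.Principal.UserId; State = $_.State }
        }

    @($services) + @($tasks) | Sort-Object Account, Type, Name
}

function Test-AdSrvRecords {
    # Mistakes 2 and 3: confirm the underscore records exist on the DNS server a
    # client is actually using. A missing record here is the "dcpromo looked
    # successful but weird things fail" case from the post.
    param(
        [Parameter(Mandatory)][string]$Domain,
        # Defaults to the client's configured resolvers, which is the point: check
        # what members really use, not what you think they use.
        [string]$Server
    )
    $names = @(
        "_ldap._tcp.$Domain",
        "_ldap._tcp.dc._msdcs.$Domain",
        "_kerberos._tcp.$Domain",
        "_kerberos._udp.$Domain",
        "_kpasswd._tcp.$Domain",
        "_gc._tcp.$Domain"
    )
    foreach ($n in $names) {
        $query = @{ Name = $n; Type = 'SRV'; ErrorAction = 'SilentlyContinue' }
        if ($Server) { $query.Server = $Server }
        $answers = Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Record  = $n
            Found   = [bool]$answers
            Targets = (($answers | ForEach-Object { $_.NameTarget }) -join ', ')
        }
    }
}

function Get-ClientDnsOrder {
    # Which resolvers this box will use, in order. On the first DC the first
    # entry should be 127.0.0.1; on members it should be the AD-integrated server.
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object InterfaceAlias, @{ n = 'Servers'; e = { $_.ServerAddresses -join ', ' } }
}

# Usage (replace example.local with the new domain's DNS name):
# Get-NamedAccountLogons | Format-Table -AutoSize
# Get-ClientDnsOrder
# Test-AdSrvRecords -Domain 'example.local' | Format-Table -AutoSize
```

Run Test-AdSrvRecords from an ordinary domain member as well as from the DC: a record that resolves on the DC (which asks itself) but not on the member is exactly the split that produces the intermittent failures described above.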
Hope this helps in your own, no-doubt very-painful migration to Active Directory.

Skinning Windows

I'm compiling a list of items I use to make Windows actually feel aesthetically pleasing to some degree.

Applications

I've chewed through a lot of bad applications that have either not worked well, crashed often, or even mangled my whole operating system to the point of requiring reinstallation (WindowBlinds, on multiple occasions). The following applications are ones I found to be stable and pleasant to use:

  • multi-patch
  • Icon Packager
  • BootSkin
  • ObjectDock
  • Rainmeter
  • Rainlendar
  • ShellEnhancer
  • WinAmp 

Skin sites (to load up your apps with skins!):

NoScript extension for Firefox


This is bar none the coolest extension to come out for Firefox since AdBlock. It blocks all types of scripts from running on any site until you whitelist the site. The status of blocked content and the controls are easily accessible from a panel at the bottom of the browser. Whitelists can be imported and exported en masse as text files (for backup/restore or faster whitelist generation).

Check out the Mozilla Extension page or the official site.

Microsoft Outlook, Exchange, calendars and free/busy times


Viewing others' free/busy times

To see others' free/busy times in Outlook you must first navigate to an Outlook calendar and then select any of the items on the Actions menu. This includes any of the appointment, meeting or group schedule items. Selecting any of these opens a dialog where you can view free/busy times.

Opening a dialog for a New Appointment, a New All Day Event, a New Meeting Request, a New Recurring Appointment, or a New Recurring Meeting reveals a window with two tabs: Appointment and Scheduling. Click on the Scheduling tab and add people to the schedule in order to view their availability (free/busy time). To add people, simply type their names into the list of empty fields, or select the Add Others drop-down menu at the bottom left of the dialog, where you can add contacts from your personal Contacts or from the Exchange Global Address List. As you add people their schedules fill in with colored bars. A key to the colors is available at the bottom of the dialog (solid blue = busy, maroon = out of office, and so forth).

Securely erasing data on an entire hard drive

I use Darik's Boot and Nuke (DBAN). It's open-source, free, reliable and simple. You can download floppy or CD images, boot from them and select a flavor of erasure. It includes flavors compliant with the American DoD and Canadian RCMP standards. See the full feature list.

keywords: wipe, delete

Watching email logging live on a Linux box


I'm told that most mail service applications on Linux keep their log in /var/log/maillog. Watching this log live is as simple as:

tail -f /var/log/maillog

Symantec Antivirus Corporate Edition (SAV CE) v. 10 clues

Tutorials on SAV CE 10 installation and configuration are here. I found the article on preventing Symantec AntiVirus 10.x from scanning the Microsoft Exchange directory structure especially helpful.

Opening IBM Aptiva cases

How to get those damned IBM Aptiva cases apart without losing your mind.