How to allow Secure FTP protocol (aka FTPS or FTP over SSL/TLS) through ISA server?

This is a little complicated. I have to copy the whole article from Stefaan Pouseele's blog.

When you have to support the Secure FTP protocol (aka FTPS or FTP over SSL/TLS) with ISA Server 2000 you have to take some tough decisions, especially if you have to allow Explicit Security. In that case, the Secure FTP protocol uses the default FTP control connection (TCP port 21). Because the FTP Application Filter can’t and will never understand the Secure FTP protocol, and this is by design, you have to unbind the FTP Application Filter from the FTP protocol in order to support Secure FTP in Explicit Security mode. Of course this breaks the normal FTP support. For more information, check out my FTP article How the FTP protocol Challenges Firewall Security, section ‘5. What about Secure FTP’.

With ISA Server 2004 and 2006 we can solve that Secure FTP dilemma by applying what is explained in the recent ISA Server Product Team Blog article Why do I need a deny rule to make an allow rule for a custom protocol work correctly?. As with HTTP, the binding of the FTP Application Filter to the FTP protocol is a global setting. Moreover, the default FTP protocol definition only specifies the FTP Control connection (primary connection) because the FTP Application Filter handles the Data connections (secondary connections). In other words, unbinding the FTP Application Filter will only allow the FTP Control connection but not the Data connections. So, in order to solve the Secure FTP dilemma we will have to do some more work.

First of all we have to create a custom protocol definition for the Secure FTP protocol (FTPS) as shown in the figure below:

Some important characteristics of the FTPS protocol definition are:

  • The FTPS Control connection (Primary Connections) uses TCP port 21 for the Explicit Security mode and TCP port 990 for the Implicit Security mode.
  • The FTPS Data connection (Secondary Connections) should be defined as Outbound because only FTPS passive mode can work with a NAT relationship. It is also recommended that the Port Range is specified as exactly as possible. If you don’t know on which ports the Secure FTP server will listen for the data connection, you can specify all unprivileged ports > 1023 (1024 – 65534).
  • With the above protocol definition, only Firewall clients will be able to connect to the Secure FTP server due to the secondary connections. If you have to support SecureNAT clients too, you need to adjust the above protocol definition by moving the FTPS Data connection from the Secondary Connections to the Primary Connections section. However, be aware of the security risk associated with specifying such a large port range in the Primary Connections section.

Next, to allow the FTPS traffic, you need to create two access rules:

  • An access rule that uses the custom FTPS protocol and allows traffic from the source network to the computer objects representing the Secure FTP servers.
  • An access rule that uses the predefined FTP protocol and denies traffic from the source network to the computer objects representing the Secure FTP servers.

Finally, the new allow rule must come before your original rule that allows the normal FTP traffic from the same source network in the ordered list of policy rules, and the new deny rule should be placed immediately after the new allow rule as shown in the figure above.
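As an added example (not from Stefaan Pouseele's article or from ISA Server itself), the Python below models the two points above: the FTP Application Filter can learn the passive data port from a plaintext 227 reply, but once AUTH TLS succeeds on port 21 it sees only TLS records, so the FTPS definition has to carry a static outbound range; it also checks the rule order the article requires. The control-channel transcripts are constructed.

```python
import re
from typing import Optional, Tuple

# Constructed control-channel transcripts (one command or reply per entry).
PLAIN_FTP = [
    b"220 Service ready", b"USER alice", b"331 Password required", b"PASS ***",
    b"230 Logged in", b"PASV", b"227 Entering Passive Mode (192,0,2,10,195,80)",
    b"RETR report.txt",
]
# Explicit FTPS on port 21: after AUTH TLS / 234 the channel carries TLS records
# (0x16 = handshake, 0x17 = application data); PASV and 227 are inside, encrypted.
FTPS_EXPLICIT = [
    b"220 Service ready", b"AUTH TLS", b"234 Proceed with negotiation",
    b"\x16\x03\x01\x00\xc8" + b"\x00" * 8,   # ClientHello (truncated, constructed)
    b"\x17\x03\x03\x00\x40" + b"\x00" * 8,   # encrypted PASV / 227 exchange
]

PASV_RE = re.compile(rb"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
FALLBACK_RANGE = (1024, 65534)  # the article's "all unprivileged ports" range

def filter_view(session) -> Optional[int]:
    """Mimic the FTP Application Filter: read the control channel and return the
    passive data port from the 227 reply, or None once the channel is opaque TLS."""
    for line in session:
        if line[:1] in (b"\x16", b"\x17") and line[1:2] == b"\x03":
            return None  # TLS record header: the filter cannot parse anything further
        m = PASV_RE.match(line)
        if m:
            return int(m.group(5)) * 256 + int(m.group(6))
    return None

def required_data_ports(session) -> Tuple[int, int]:
    """Port range the firewall must open for the data connection: the exact port when
    the filter could read it, otherwise the static range from the FTPS definition."""
    port = filter_view(session)
    return (port, port) if port is not None else FALLBACK_RANGE

def policy_order_ok(rules) -> bool:
    """rules is the ordered policy as (action, protocol) tuples. The FTPS allow rule
    must be immediately followed by the FTP deny rule, and both must precede the
    original FTP allow rule (if present)."""
    if ("allow", "FTPS") not in rules or ("deny", "FTP") not in rules:
        return False
    i, j = rules.index(("allow", "FTPS")), rules.index(("deny", "FTP"))
    k = rules.index(("allow", "FTP")) if ("allow", "FTP") in rules else len(rules)
    return j == i + 1 and j < k
```

The wide fallback range is exactly the exposure the article warns about, which is why it recommends narrowing the Port Range to what the Secure FTP server actually uses.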

Here are other references:

https://blogs.technet.com/isablog/archive/2006/09/25/458810.aspx

http://technet.microsoft.com/en-us/library/bb794745.aspx

How to Change the Default Installation Path for FTP and the Web

If you’ve installed IIS 4.0, you’re accustomed to being asked where you would like the default website and sample files to be located.  Like you, many administrators are surprised to find that IIS 5.0/6.0 is installed by default to the %systemroot% folder without asking you where you would like for Inetpub to be located.
 
 
To change the default installation paths for FTP and the Web during an unattended component installation (this applies to Windows Server 2003), you must follow this procedure:

  1. Create an unattended install file and name it Iis.txt. This file will be accessed during the unattended component installation. The answer file can be any Windows 2000 answer file. It must contain a "Components" and an "InternetServer" section header. For example:
    [Components]
    iis_common = on
    iis_inetmgr = on
    iis_www = on
    iis_ftp = on
    iis_htmla = on
    
    [InternetServer]
    PathFTPRoot=D:\Inetpub\Ftproot
    PathWWWRoot=D:\Inetpub\Wwwroot
  2. Use the Sysocmgr.exe command to start the installation of the FTP or Internet Information Services components. Assuming the answer file that you created in step 1 was named Iis.txt, the command line to execute the installation would be:
    sysocmgr /i:%windir%\inf\sysoc.inf /u:c:\iis.txt

    Note that you could also use a batch file to execute the setup. The batch file must contain a command similar to the command above.

And other references:
 

The US Big Three automakers each flew their own private jets to Washington to beg for money, while insisting all along that they are going to cut costs…

 
After reading this CNN report, I am truly speechless.
 

Big Three auto CEOs flew private jets to ask for taxpayer money

Story Highlights

  • Lawmaker: Flying jet to hearing like going to "soup kitchen in high hat and tuxedo"
  • Rep. Brad Sherman asked CEOs whether they would fly back commercial
  • Company representatives pointed to safety, travel policies as reasons for flying jets
By Josh Levs
CNN

(CNN) — Some lawmakers lashed out at the CEOs of the Big Three auto companies Wednesday for flying private jets to Washington to request taxpayer bailout money.

"There is a delicious irony in seeing private luxury jets flying into Washington, D.C., and people coming off of them with tin cups in their hand, saying that they’re going to be trimming down and streamlining their businesses," Rep. Gary Ackerman, D-New York, told the chief executive officers of Ford, Chrysler and General Motors at a hearing of the House Financial Services Committee.

"It’s almost like seeing a guy show up at the soup kitchen in high hat and tuxedo. It kind of makes you a little bit suspicious."

He added, "couldn’t you all have downgraded to first class or jet-pooled or something to get here? It would have at least sent a message that you do get it."

Rep. Brad Sherman, D-California, asked the three CEOs to "raise their hand if they flew here commercial. Let the record show, no hands went up. Second, I’m going to ask you to raise your hand if you are planning to sell your jet in place now and fly back commercial. Let the record show, no hands went up."

The executives — Alan Mulally of Ford, Robert Nardelli of Chrysler and Richard Wagoner of GM — did not specifically respond to those remarks. In their testimony, they said they are streamlining business operations in general.

When contacted by CNN, the three auto companies defended the CEOs’ travel as standard procedure.

Like many other major corporations, all three have policies requiring their CEOs to travel in private jets for safety reasons.

"Making a big to-do about this when issues vital to the jobs of millions of Americans are being discussed in Washington is diverting attention away from a critical debate that will determine the future health of the auto industry and the American economy," GM spokesman Tom Wilkinson said in a statement.

Chrysler spokeswoman Lori McTavish said in a statement, "while always being mindful of company costs, all business travel requires the highest standard of safety for all employees."

Ford spokeswoman Kelli Felker pointed to the company’s travel policy and did not provide a statement elaborating.

But those statements did little to mollify the critics.

"If it is simply the company’s money at stake, then only the shareholders can be upset or feel as if it might be excessive," said Thomas Schatz, president of the watchdog group Citizens Against Government Waste.

But in this case, he said, "it’s outrageous."

"They’re coming to Washington to beg the taxpayers to help them. It’s unseemly to be running around on a $20,000 flight versus a $500 round trip," Schatz added.

The companies did not disclose how much the flights cost.

Analysts contacted by CNN noted that the prices vary with the size of the plane and the crew, and whether the aircraft is leased or owned by the company.

Analyst Richard Aboulafia of the Teal Group said that $20,000 is a legitimate ballpark figure for a round trip corporate jet flight between Detroit, Michigan, and Washington. 

When asked whether they plan to change their travel policies as part of the restructuring needed to shore up their finances, none of the companies answered directly. But they said they have cut back on travel in general as revenues have fallen.

CNN’s Emily Anderson and Virginia Nicolaidis contributed to this report.

I haven’t tried this yet; I will provide an update soon.

1080p through VGA procedure
——————————————————————————–
OK folks, here is how I achieved 1920x1080p resolution through the VGA input of my Sharp LCD-TV.
First, a list of my hardware and software:
– Sharp LC-42D64U, serial no. B708, firmware update U0709111
– HP Pavilion a1250n computer with Athlon 64 X2 3800+ 2.0 GHz CPU
– Windows XP Media Center Edition with SP2
– ATI Radeon Xpress 200 Series integrated graphics card
– PowerStrip version 3.75 downloaded from www.entechtaiwan.com/ps.htm
Step-by-step procedure:
1. Click on the PowerStrip icon in the Task Bar
2. Select "Display Profiles" -> "Configure…"
3. Set display to native 1600×1200, 60 Hz using the resolution scroll bar if it is not already at that resolution.
4. Next, select "Advanced Timing Options"
5. Select "Custom resolutions"
6. From the scroll-down "User-defined and preset resolutions" menu, select: "1920x1080p 60Hz (EIA/CEA-861B)"
7. Click the "Add new resolution" button
8. This caution message appeared: "This parameter you have specified may be beyond the capabilities of your monitor or graphics card. Please recheck the resolution, horizontal and vertical refresh rates, and pixel clock to ensure they are within spec. Press OK to continue or Cancel to adjust the values." Click "OK"
9. This message appeared: "The display driver has accepted the new resolution. Do you want to try to switch to the new resolution at this time?" Click "OK"
10. This message appeared: "The display has been reconfigured. Do you want to keep these changes?" Click "Yes"
11. Click the "Close" button on the Custom Resolutions window.
12. You should now be back in the "Advanced timing options" window. At this point, I had to adjust the Synchronization Horizontal +/- and the Vertical +/- polarities as well as the vertical geometry refresh rate. I scrolled the vertical refresh rate to 61.900 Hz to reduce slight screen flicker (this may be different for your graphics card).
13. Next, click the OK button on the "Advanced timing options" window.
14. At the "Display profiles" window under Profiles, click "Save as.." and save your profile under a unique name.
15. Finally, click "OK" to close the "Display profiles" window.
Voila! 1080p and dot-by-dot view mode. Please let us know if this procedure works for your particular hardware. Also note that if you get to step 10 and the screen resolution is not 1920×1080, go back to step 1 and try again. It took me two tries before the 1080p resolution worked. Good luck to all.