www.geekybob.com

Just a short, simple blog for Bob to share his thoughts.

Life after FPSE (Part 6)

31 January 2011 • by Bob • FrontPage, IIS, WebDAV

In this latest installment of my series about configuring your server for hosting without the FrontPage Server Extensions (FPSE), I'd like to discuss a couple of WebDAV best practices that I like to use.

Blocking FPSE-related Folders with Request Filtering

In my How to Migrate FPSE Sites to WebDAV walkthrough, I discuss the following FPSE-related folders:

| Folder | Notes |
| --- | --- |
| _fpclass | Should contain publicly-available FrontPage code - but should be secured. |
| _private | The FrontPage Server Extensions often keep sensitive data files in this folder, so it should be secured to prevent browsing. |
| _vti_bin | This is the virtual directory for the FrontPage Server Extensions executables. This path is configured to allow executables to function, and since we are migrating sites to WebDAV it should be secured to prevent browsing. |
| _vti_cnf | The FrontPage Server Extensions keep sensitive metadata files in this folder, so it should be deleted or secured to prevent browsing. |
| _vti_log | The FrontPage Server Extensions keep author logs in this folder, so it should be deleted or secured to prevent browsing. |
| _vti_pvt | This folder holds several files that contain various metadata for your website, and should be secured. |
| _vti_txt | This folder contains the text indices and catalogs for the older FrontPage WAIS search. Since later versions of FrontPage only used Index Server, it is safe to delete this folder, but at the very least it should be secured to prevent browsing. |
| fpdb | FrontPage keeps databases in this folder, so it should be secured to prevent browsing. |

One of the actions that I usually take on my servers is to lock down all of these folders for my entire server using Request Filtering. To do so, open a command prompt and enter the following commands:

cd %WinDir%\System32\inetsrv

appcmd.exe set config -section:system.webServer/security/requestFiltering /+"hiddenSegments.[segment='_vti_cnf']" /commit:apphost

appcmd.exe set config -section:system.webServer/security/requestFiltering /+"hiddenSegments.[segment='_fpclass']" /commit:apphost

appcmd.exe set config -section:system.webServer/security/requestFiltering /+"hiddenSegments.[segment='_private']" /commit:apphost

appcmd.exe set config -section:system.webServer/security/requestFiltering /+"hiddenSegments.[segment='_vti_log']" /commit:apphost

appcmd.exe set config -section:system.webServer/security/requestFiltering /+"hiddenSegments.[segment='_vti_pvt']" /commit:apphost

appcmd.exe set config -section:system.webServer/security/requestFiltering /+"hiddenSegments.[segment='_vti_txt']" /commit:apphost

appcmd.exe set config -section:system.webServer/security/requestFiltering /+"hiddenSegments.[segment='fpdb']" /commit:apphost

Note: You should only enter the following commands if you are sure that you will not be using FPSE anywhere on your server!

cd %WinDir%\System32\inetsrv

appcmd.exe set config -section:system.webServer/security/requestFiltering /+"hiddenSegments.[segment='_vti_bin']" /commit:apphost

These settings will prevent any of the FPSE-related paths from being viewed over HTTP from a web browser; web clients will receive an HTTP Error 404.8 - Not Found message when they attempt to access those paths. But that being said - when you enable WebDAV for a website by using the Internet Information Services (IIS) Manager, it will configure the Request Filtering settings that enable WebDAV clients to access those paths through WebDAV requests, even though access from a web browser is still blocked. (All of this is made possible through the built-in integration between WebDAV and Request Filtering. ;-]) Enabling access to these folders over WebDAV is necessary if you are opening your website over a WebDAV-mapped drive while you are using authoring clients that do not have native WebDAV support, such as FrontPage or Visual Studio.

Two Sites are Better Than One

In part 4 of this blog series I discussed why I like to set up two websites when using WebDAV; as a quick review, here is the general idea for that environment:

There is a list of several reasons in that blog post why using two sites that point to the same content can be beneficial, and I won't bother quoting that list in this blog post - you can view that information by looking at that post.

But that being said, one of the items that I mentioned in that list was using separate application pools for each website. For example:

This configuration helps alleviate problems from uploading invalid Web.config files that might otherwise prevent HTTP access to your website. By way of explanation, the WebDAV module attempts to validate Web.config files when they are uploaded over WebDAV - this is done to try and prevent crashing your HTTP functionality for a website and being unable to fix it. Here's what I mean by that: IIS 7 allows configuration settings to be delegated to Web.config files, but if there is a mistake in a Web.config file, IIS 7 will return an HTTP Error 500.19 - Internal Server Error message for all HTTP requests. Since WebDAV is HTTP-based, that means that you won't be able to fix the problem over WebDAV. (If the WebDAV module didn't perform any validation, that means that your website would become unusable and unrepairable if you had uploaded the bad Web.config file over WebDAV.) To help alleviate this, the WebDAV module performs a simple validation check to prevent uploading invalid Web.config files. But if you save an invalid Web.config file through some other means, like the local file system or over FTP, then you will have no way to repair the situation through WebDAV.

This leads us back to the idea that you can implement when you are using two websites - you can configure the application pool for the WebDAV-enabled website to ignore delegated configuration settings; so it doesn't matter if you have an invalid Web.config file - you will always be able to fix the problem over WebDAV. To configure an application pool to ignore delegated configuration settings, open a command prompt and enter the following commands:

cd %WinDir%\System32\inetsrv

appcmd.exe set config -section:system.applicationHost/applicationPools /[name='authoring.example.com'].enableConfigurationOverride:"False" /commit:apphost

Note: You need to update the highlighted section of that example (the authoring.example.com name) with the name of your website, such as "Default Web Site," etc.

When you have two websites configured in this example and you have an invalid Web.config file that is causing the HTTP 500 error for the www.example.com website, you can still connect to authoring.example.com via WebDAV and fix the problem.
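To check that both settings from this post are actually in place, here is an added audit example in Python; it is not code from the original post. It covers the Request Filtering lock-down and the application pool override, and it runs against a constructed applicationHost.config fragment. The function names are hypothetical, and applyToWebDAV is the Request Filtering attribute (default true) that controls whether hidden segments also apply to WebDAV requests.

```python
# Added example, not from the original post: audit an applicationHost.config
# fragment for the Request Filtering and application pool settings above.
import xml.etree.ElementTree as ET

# Folder names from the table in the post.
FPSE_SEGMENTS = ("_fpclass", "_private", "_vti_bin", "_vti_cnf",
                 "_vti_log", "_vti_pvt", "_vti_txt", "fpdb")

# Constructed sample (not a real server's file): most of the hiddenSegments
# commands have been run, and WebDAV is enabled on the authoring site.
SAMPLE_CONFIG = """<configuration>
  <system.applicationHost>
    <applicationPools>
      <add name="www.example.com" />
      <add name="authoring.example.com" enableConfigurationOverride="false" />
    </applicationPools>
  </system.applicationHost>
  <system.webServer>
    <security>
      <requestFiltering>
        <hiddenSegments>
          <add segment="web.config" />
          <add segment="_vti_cnf" />
          <add segment="_fpclass" />
          <add segment="_private" />
          <add segment="_vti_log" />
          <add segment="_vti_pvt" />
          <add segment="fpdb" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>
  <location path="authoring.example.com">
    <system.webServer>
      <security>
        <requestFiltering>
          <hiddenSegments applyToWebDAV="false" />
        </requestFiltering>
      </security>
    </system.webServer>
  </location>
</configuration>
"""


def _is_true(value, default):
    """Read an IIS boolean attribute, falling back to the schema default."""
    return default if value is None else value.strip().lower() == "true"


def missing_fpse_segments(config_xml):
    """FPSE folders that server-level Request Filtering does not hide yet."""
    root = ET.fromstring(config_xml)
    # Names are lower-cased before comparing (a choice made by this script).
    hidden = {add.get("segment", "").lower() for add in root.findall(
        "./system.webServer/security/requestFiltering/hiddenSegments/add")}
    return [seg for seg in FPSE_SEGMENTS if seg.lower() not in hidden]


def webdav_exempt_locations(config_xml):
    """<location> paths whose hiddenSegments are not applied to WebDAV."""
    root = ET.fromstring(config_xml)
    paths = []
    for loc in root.findall("./location"):
        hs = loc.find(
            "./system.webServer/security/requestFiltering/hiddenSegments")
        if hs is not None and not _is_true(hs.get("applyToWebDAV"), True):
            paths.append(loc.get("path", ""))
    return paths


def pools_honoring_web_config(config_xml):
    """Application pools that still load delegated Web.config settings."""
    root = ET.fromstring(config_xml)
    return [pool.get("name") for pool in root.findall(
        "./system.applicationHost/applicationPools/add")
        if _is_true(pool.get("enableConfigurationOverride"), True)]


if __name__ == "__main__":
    print("Not hidden yet:      ", missing_fpse_segments(SAMPLE_CONFIG))
    print("WebDAV can reach in: ", webdav_exempt_locations(SAMPLE_CONFIG))
    print("Pools using Web.config:", pools_honoring_web_config(SAMPLE_CONFIG))
```

To audit a real server, pass in the text of a copy of %WinDir%\System32\inetsrv\config\applicationHost.config instead of the sample.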

More Information

For additional information on the concepts that were discussed in this blog, see the following topics:

I hope this helps. ;-]


Note: This blog was originally posted at http://blogs.msdn.com/robert_mcmurray/

IIS 6: Setting up SSL - Overview

31 January 2011 • by Bob • IIS

Many years ago I wrote a series of instructions that used dozens of screenshots in order to show my coworkers how to set up and enable Secure Sockets Layer (SSL) communications in IIS 5, which I eventually turned into a blog series on one of my personal blog sites. A few years later I wrote a sequel to that series of instructions for my coworkers, and I wanted to turn that into a series of walkthroughs in the IIS.net website. Some time ago I proposed the idea to Pete Harris, who was in charge of IIS.net at the time, but then I changed jobs and we scrapped the idea. We followed up on the idea a short time ago, but we just couldn't find a place where it made sense to host it on IIS.net, so Pete suggested that I turn it into another blog series. With that in mind, over a series of several blog entries I will show how to configure SSL on IIS 6.

Note: This first post will leverage a lot of the content from the overview that I wrote for my IIS 5 blog series, but subsequent posts will reflect the changes in IIS 6.

Much like IIS 5, setting up SSL on IIS 6 is pretty simple. SSL is a Public Key/Private Key technology, and setting up SSL is essentially obtaining a certificate for your Public Key from a trusted organization. The basic process for working with SSL is reduced to the following actions:

  1. Creating a Certificate Request
  2. Obtaining a Certificate from a Certificate Authority
  3. Installing the Certificate

While not necessary, installing certificate services on your computer is helpful when troubleshooting SSL issues, and I'll discuss that later in this blog series.

Creating a Certificate Request

This is a series of steps that need to be performed on the web server, and they differ widely depending on the server and version. A web administrator is required to enter information about their organization, their locality, etc. This information will be used to validate the requester.

Obtaining a Certificate from a Certificate Authority

This is when a web administrator submits their request for a certificate to a Certificate Authority (CA), which is a trusted organization like VeriSign or Thawte. For a list of trusted organizations, see the following section in Internet Explorer.

You can choose to trust a new CA by obtaining the Root Certificate from the CA. (I'll post an Obtaining a Root Certificate blog with more information later.)

Installing the Certificate

After a request has been processed by a CA, the web administrator needs to install the certificate on the web server. Once again, this series of steps needs to be performed on the web server, and the steps differ depending on the web server and version.

For the Future...

In future blogs I'll go through the steps for creating certificate requests, obtaining certificates from a CA, and installing certificates. Following that, I'll discuss setting up a CA for testing SSL in your environment.


Note: This blog was originally posted at http://blogs.msdn.com/robert_mcmurray/

100 Things the 511th Learned During the ARTEP of 1991

30 January 2011 • by Bob • Military

Today's contribution marks the 7th installment in my series about the 511th MI Company's misadventures, which I collected during my tenure there from 1988 through 1991. This list was composed by the EW2 platoon during the ARTEP of 1991 - I believe it was in April - which we dubbed "Operation Pogo Stick." This name seemed apropos because of the considerable frequency that the EW platoons were required to jump sites, for no apparent reason other than the sheer fun of watching the level of aggravation that it caused. I think that this was the last deployment that I went on with the 511th; shortly after the ARTEP had ended, DeGrood and I got our orders to PCS back to the states, and everyone else got orders to Kuwait.

Things we learned during ARTEP '91

  1. Hot refuels really are (with lanterns).
  2. Point fire extinguishers at flames.
  3. Don't play Russian Roulette with a .45.
  4. Mosquito nets make good kindling.
  5. Calling SGT Tabbert "Larry" is effective aggravation.
  6. Being "killed" is the only way to get a couple hours' sleep.
  7. The Official ARTEP Song: "Jump" by Van Halen.
  8. There are no weapon mounts on HMMWV bumpers.
  9. SGT Rice makes a 2LT with a map look good.
  10. MI-51's radio has a maximum effective range of 100 meters, and MI-52's is about 100 inches.
  11. You can get away at MOPP 0 in a MOPP 1 environment, until the MAJ sees you.
  12. Ken be nimble, Ken be lean, Can't jump over the Concertine. He jump high, he jump low. He get caught, down he go.
  13. TCAE can get tracks to the field, but not back.
  14. Security isn't.
  15. Chase vehicles don't.
  16. The best form of land navigation is a well-informed German.
  17. An unheated, unlit tent and a pile of BOGINT tapes is an effective TRQ-32 simulator (bring your own paper).
  18. The latest in EW sleepware is the DA Morris Improved Stealth Tent.
  19. Mumbly-Peg is easier with the knife unsheathed.
  20. This was a very well thought out, and carefully planned exercise. NOT!!!
  21. Mumbly-Pistol is a game as yet untried.
  22. SGT Cyr relates well with farm animals. ("Moo...")
  23. Reimers can sham out of anything if he really wants to.
  24. Germans on holidays make interesting navigational obstacles.
  25. The TRQ-32 is the coffee-making, radio watch sitting, front seat sleeping, $800,000 car stereo wonder of the 20th century.
  26. Fred can never be in too warm an environment.
  27. The TRQ-32 glove box is hell on the shins.
  28. Handcopying BOGINT in MOPP 3 is a joyous experience.
  29. It's just no fun wearing a protective mask with a runny nose.
  30. GRA-39's make excellent car stereo amplifiers.
  31. TRQ-30 DF antennas are better left in the rear.
  32. M-8 alarms work better without batteries.
  33. We can ID more types of static now.
  34. You can teach the LT something new every day.
  35. LT's aren't sensitive items, but they have feelings, too.
  36. The LT wigs out when challenged.
  37. It was good training. NOT!!!
  38. Who's the a****** who made those 2-minute intercept to 2-hour static tapes?
  39. Blind TCAE geeks should not be allowed to recon intercept sites.
  40. The TACJAM squad is now cross-trained in landscaping.
  41. Duerksen can "hold it" for 4.5 days.
  42. Roddick don't know s*** about whoopie lights.
  43. Menthol cigarettes don't cut it.
  44. Roddick's new discovery - wet newspaper. It camos as it cleans.
  45. It's more fun 4-wheeling.
  46. Starvation is preferable over chili-mac and lima beans.
  47. Duerksen and Roddick can eat a whole cow.
  48. German kids love MREs. (That looks bad as a culture, doesn't it?)
  49. Braddy is too lazy to drive 10 minutes to see us. (So the d*** flew.)
  50. Germans don't like having M-60s pointed at them.
  51. Noise discipline need not be observed near 200 decibel generators.
  52. Propane heaters are heaven.
  53. Rich is a lying son-of-a-b**** when asked about this ARTEP.
  54. The CO has no sense of humor where guard posts are concerned.
  55. O'Conner has no tact.
  56. The TLQ squad is still the Kase-Camo Net Meisters.
  57. It seems like you always jump during your sleep shift.
  58. TCAE goons sleep more in one night than EW geeks do in a whole week.
  59. Mumbly-Peg doesn't work with Swiss Army knives.
  60. Lanterns with broken globes are somewhat dangerous.
  61. Field coffee isn't.
  62. Guard duty sucks. (That's why officers don't do it, right?)
  63. Vehicles, though forbidden, are still the preferred sleeping areas.
  64. Hooches get simpler the more you jump. ("All I need is a cot...")
  65. The TACJAM squad knows Germany.
  66. After a week in the field, even the locals smell good.
  67. World War II issue maps are not effective navigational tools.
  68. Only the TLQ squad can out Black-6.
  69. (This number is still not seen hereabouts.)
  70. Sure DeGrood has tonsillitis.
  71. Reimers' other foot will be broken upon our return.
  72. When you're a minute early on shift you're the greatest, when you're a minute late you're an a******.
  73. Johnson's magazine subscriptions are enjoyed by all.
  74. Where's the Jam button?
  75. Where's the Fix button?
  76. What freq am I on?
  77. Are we on Zulu or Local time?
  78. Mr. Roller is as effective an NBC alarm as an M-8 without batteries.
  79. Just because it looks like rain doesn't mean that it will.
  80. You know that you need a haircut when you can grow dreads in the field.
  81. Brush guards do.
  82. Brushing your teeth is really a morale booster.
  83. If Germans can find our sites, why can't we?
  84. Never ask DA for a light. ("But he looks good with a singed face...")
  85. Burning tents are wonderful reference points at night.
  86. What do Germans do with all that lumber?
  87. The TRQ-32 needs a microwave.
  88. After a week of ARTEP, even TROJAN sounds good.
  89. The TRQ-32 has the only working radio in the PLT.
  90. It's nice to pull radio watch in a vehicle with a good heater.
  91. Cold mornings suck. (1 week from summer.)
  92. We never thought we'd be so happy to see a 1-week field problem end.
  93. Duerksen doesn't like grits.
  94. Groovy man remembers lots of worthless music.
  95. Everybody still wants to be a jammer.
  96. MOPP 1 is quite warm.
  97. Civilian life can't be all that bad.
  98. Newbies whine almost as much as EW1, but not quite.
  99. TCAE can drop the ball, duck the issue, pass the buck, and wash their hands of it better than anyone else.
  100. I wonder what Hohenfels will be like this year...?

In another strange turn of events, after I PCS'd to Fort Huachuca, I met the guy that made those 2-minute intercept to 2-hour static tapes that we mentioned in item #38 of the list, and I wound up working with him. (And just to satisfy anyone's curiosity - yes, he made those on purpose. He was a nice guy, but he had a wicked sense of humor.) Later on, I was asked to create intercept tapes for the MI officer school at Fort Huachuca, and I followed his lead by creating tapes that sounded like HF traffic - with hours and hours of radio printers, static, and morse code transmissions stomping on top of the voice messages. (FYI - The officers hated these tapes - mission accomplished.) But here's a quick behind-the-scenes trivia fact: I didn't actually record any actual radio printer or morse code transmissions from HF frequencies - I created them on my computer. Most radio printer traffic is simple Frequency Shift Key transmissions, so I wrote some algorithms that would allow me to enter a text string into my computer, which would be converted to binary, and then encoded into an audio stream based on a baud rate and space/mark frequencies that I picked. When I was done - they sounded identical to the real thing. So what did all of those ear-splitting radio printer messages actually say if you plugged them into a computer? Things like, "I hate the Army," "I can't wait to ETS," etc. Yes - even then I was a geek.

IHateTheArmy.mp3 (76.73 kb) "I Hate The Army" Frequency Shift Key (FSK) Sample

Famous 511th Quotations from Hohenfels 1990

29 January 2011 • by Bob • Military

In the 6th part of my series on the 511th MI Company, I have a short list of quotes that the ESM guys collected at Hohenfels, 1990.

Ah, CPT Quinn - everyone tried to explain to him that "break" was the proper proword to use when you had more to send over the radio, but he steadfastly refused to use anything other than "more follows." Obviously CPT Quinn was trained incorrectly when he went through MI Officer Basic. In one of those weird full circle coincidences, when I transferred to Fort Huachuca the following year, I wound up being the NCO that was in charge of training and grading the officers that were going through MI Officer Basic. I had no qualms whatsoever about telling any officer that they were a "NOGO" at my station, because I knew that these officers were going to wind up in charge of some poor MI platoon, and I couldn't put my fellow MI brethren through the embarrassment of having an officer that didn't know how to use the darn radio correctly.

1LT Innocenti and I did not get along on this field problem - although I don't think that he got along with anyone else in the EW platoons. Since 1LT Innocenti moved to GSR immediately after we returned to garrison, we only had him as a platoon leader for the combined duration of Hohenfels and Grafenwoehr, or about six weeks total, making that one of the shortest durations for a platoon leader that I saw in my eight years of military service. D.A. Morris saved my career while we were out in the field at Hohenfels when I stepped towards 1LT Innocenti with the full intention of decking him after he refused to let D.A. and I take everyone's guard duty and radio watch shifts to make up for all their hard work over the past several weeks. 1LT Innocenti claimed that he had done more work than anyone else, while in reality the only duty that he performed was running chow for us when he wasn't sleeping. What was even worse, his poor choices for words were accusing all of my subordinates of being lazy, while in reality they had been working nearly round-the-clock for several days. This was too much for me to take, so my right arm clenched into a fist and it would have been travelling in the direction of 1LT Innocenti's face when D.A. caught my arm and pulled me aside. I found out later that 1LT Innocenti had a black belt in Karate - so I probably wouldn't have been able to land a single punch before being hauled away to prison for assaulting an officer. (Thanks D.A. for saving my life!)

I bumped into CPT Innocenti several years later when he was going through the MI Officer Advanced Course in Ft. Huachuca, where I was helping to teach MI Operations. By that time we were able to have a few laughs about our shared history with no hard feelings. (CPT Innocenti - if you ever read this, my apologies once again; I was pretty young at the time.)

Another funny story about Hohenfels in 1990 was that I was one of only a handful of people that were chosen from the 11th ACR to brief LTG Joulwan (who was the commanding general for all of the US Army forces in Europe) about regimental operations in Hohenfels. When the general arrived, I gave him a tour of the ESM gear, showed him how it worked, explained how we conducted operations, etc. After fifteen minutes or so, LTG Joulwan asked me what I thought of his field problem. I looked him right in the eye and said, "Frankly sir, I think it sucks." At that moment, 1LT Innocenti was standing behind the general, and I watched as he put his face in his hands - probably feeling that his career had just ended. The general was momentarily taken aback, and then he asked, "Why?" So I took the next five to ten minutes or so explaining how his deployment of US forces didn't match actual enemy tactics, how their radio communications were completely dissimilar, how we were able to wreak havoc simply by ICD'ing everyone on the planet, etc. The general and I had a pretty good conversation that lasted for several minutes, and eventually we agreed to disagree on several points. Before his departure, LTG Joulwan gave me one of his custom-made USAREUR coins "in recognition of my outstanding achievements," then he got in his humvee and drove off. CPT Quinn dropped by later and informed me that out of the hundreds of people that LTG Joulwan had met that day, I was one of only two people to which the general had given a coin. (CPT Quinn also asked me never to do that again.) So I like to remember that I received a medal (more or less) for being one of the few people who was willing to tell a three-star general to his face that I thought his training sucked.

More Famous Moments in the 511th History

27 January 2011 • by Bob • Military

My 5th installment of this series about the 511th MI Company is pretty much a sequel to the 4th installment. I'm fairly certain that I had two lists in my notes because they were more than likely created during different field problems a year or so apart.

It was also a great day for the 511th when...

I should like to point out that the mistake that I made on the TRQ-32 was not opening the ventilation flap on the side of the generator. I pointed that out myself, but that didn't stop the rest of the squad from holding me down and giving me a pink belly. I believe D.A. was the overall ringleader for my punishment, but I'm sure that I had it coming. ;-]

Famous Moments in the 511th History

26 January 2011 • by Bob • Military

In the 4th installment of this series about the 511th MI Company, I have a list of what we thought were great moments in 511th history. I don't know if anyone else recalls, but whenever morale was hitting a low point during a field problem - I'd pull out a pad of paper and have everyone make an obnoxious list of some sort. These lists were usually laced with a great deal of cynicism - and more often than not a great deal of profanity. So I'll have to clean these up a little before posting. ;-]

It was a great day for the 511th when...

Bryant - I'd like to apologize on behalf of Smith, Martin, and myself for stealing your clothes at Mt. Meissner. :-S

I'd also like to state - both emphatically and for the record - that I was a member of EW2 when EW1 was thrown out of the Turkish brothel. :-O

And it would be a great disservice if I didn't point out that there's no way that Cyr would have been lost in Turkey if it had not been for 2LT Gibson - the age old adage that the only thing more dangerous than a 2LT with a gun is a 2LT with a map certainly applies to that situation.

Famous Quotations of the Fighting 511th

24 January 2011 • by Bob • Military

In part 3 of this series about the 511th MI Company, we'll take a look at some common quotes that were said by several members of the 511th, although this list is obviously not exhaustive. These particular phrases were compiled by members of the EW platoons during one of our field problems, although it's been so many years I don't recall which one. ;-]

For the future, I have some great lists of famous moments in 511th history, and famous quotations from Hohenfels 1990.

Famous Nicknames of the Fighting 511th

23 January 2011 • by Bob • Military

In part 2 of my series on the 511th MI Company, we'll take a look at some of the nicknames from the 511th that I managed to write down; although I need to stick to my disclaimer that I did not come up with these nicknames - I just took the time to write them down. ;-]

And my personal favorite:

There is one nickname that I wrote down that I didn't post here, and that was for Bill McCollum. I didn't add his nickname to this list because it might not be fit for the public. If you remember his nickname, you can smile about it now. If you don't, that'll remain a secret between the rest of us.

Who did I miss?


10/21/2014 Update - Bullseye Babbs was a 1LT who took over one of the EW platoons. He earned his nickname on one of the M-60 ranges when he failed to understand how his weapon's scopes worked, so instead of throwing rounds 1km downrange like everyone else, he was thoroughly pulverizing the ground about 5-10 feet in front of us; huge amounts of debris were being thrown into the air as everyone was screaming at him to cease fire. (It probably would have been funny if it hadn't been so dangerous.)


03/14/2018 Update - Terry Knaul dropped me a line to let me know that I had his name listed incorrectly; my apologies, and that has been fixed.

Famous Callsigns of the Fighting 511th

22 January 2011 • by Bob • Military

Over the 3.5 years that I spent in the Fulda Gap with the 511th MI Company, I collected and saved a lot of the stories and lists that the EW and TCAE teams put together. All of this nostalgic trivia is twenty years old now, but it still makes me laugh when I think about the people and times that it represents. Of course, this is mostly a collection of inside jokes with the people that were there.

So this will be part one of a series, and I should point out that I did not create this information - I just took the time to write it down. ;-]


UPDATE: While these were not entirely unique, we often used the following color-coded generic callsigns when we were on recon assignments where only one radio entity was present from each of the different platoons:

Killer Rabbits from Antiquity

07 January 2011 • by Bob • Humor

For those of you who thought that the killer rabbit in Monty Python's "Holy Grail" was a work of fiction, I suggest that you see the top center pane in this stained glass detail from the West Rose Window of Notre Dame in Paris. Apparently brutal bunnies must have been an issue when the French built this cathedral, or perhaps the French will run away from anything.

(Note: Giving credit where it is due, this image is originally from the web page at La Cathédrale Notre Dame de Paris.)
