Oct 29, 2010

Tips to Create a Stronger Password and Manage Admin Users in Your Company

Maybe this topic seems too ridiculous to me, but for other people it can be very useful. I’ve traveled a lot, met a lot of clients, and seen how different companies can lose their security or tighten it up. Some companies don’t realize that they aren’t well protected and could be hacked at any time, even when the company is big enough. So, these are the passwords that could cost someone his/her job just for letting a default or common password remain on their admin users.

  1. pass@word1
  2. P@ssw0rd
  3. Sequential numbers forward and backward like 123456, or 12345678, or 87654321
  4. princess
  5. Sequential characters like abcdef
  6. Sequential characters in keyboard like qwerty, asdfghj, zxcvbnm
  7. Combination of sequential characters and numbers like abc123, or qwerty12345
  8. If the website name is RockYou.com, the password is sometimes rockyou

So stupid, isn’t it? You could prevent all of this hacking by using a stronger password. A stronger password contains lowercase and uppercase letters, numbers, and special characters. See… I’m using the word “AND”, and you may think that “gILa$2(vk_q0” meets the requirements, and you may also think that such a password will be forgotten sooner or later because it is too hard to remember. And if you write it down on paper, someone could steal the paper and see the password.

Try to find a sentence, in a normal way. If you can, find one in another language, not English. Some password cracker applications can find the password in their library, assuming that the password is in English, like “princess”. Try “Admin for Rock You.com” or “Library Administrator on Department”, or use another language, like mine: “password goblok”, which means “stupid password”.

From that point, you can turn the sentence into a single word that isn’t obvious or easy to read, using a combination of lowercase and uppercase letters, numbers, and special characters. For example, “Admin for Rock You.com” becomes “4Dm1n4RY” or “My@dM1nR0cKY0u”. Or “I don’t remember” can be changed into “1dnTR3m3m&er” as a password.

In that way, you can still remember the password but with better security.
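The weak patterns listed above can be screened for automatically. The following PowerShell function is an added example, not part of the original post; Test-WeakPassword, its parameters and the substitution table are assumptions made for illustration, and the sample passwords are taken from the text above.

```powershell
# Added example; Test-WeakPassword and its parameters are hypothetical names.
function Test-WeakPassword {
    param(
        [Parameter(Mandatory)][string]$Password,
        [string]$SiteName = ''    # e.g. 'RockYou.com' (item 8 in the list)
    )
    $reasons = @()
    $lower   = $Password.ToLowerInvariant()

    # Items 1, 2, 4: common words, also when disguised by substitutions
    # ('P@ssw0rd') or split by a symbol ('pass@word1').
    $leet = $lower
    $map  = @{ '@' = 'a'; '0' = 'o'; '1' = 'i'; '3' = 'e'; '$' = 's'; '5' = 's' }
    foreach ($k in $map.Keys) { $leet = $leet.Replace($k, $map[$k]) }
    $lettersOnly = $lower -replace '[^a-z]', ''
    foreach ($word in 'password', 'princess') {
        if ($leet.Contains($word) -or $lettersOnly.Contains($word)) {
            $reasons += "contains common word '$word'"
        }
    }

    # Items 3, 5, 6, 7: the whole password consists of runs taken from the
    # digits, the alphabet or a keyboard row, forward or backward.
    $sequences = '01234567890', 'abcdefghijklmnopqrstuvwxyz',
                 'qwertyuiop', 'asdfghjkl', 'zxcvbnm'
    $sequences += $sequences | ForEach-Object {
        $c = $_.ToCharArray(); [array]::Reverse($c); -join $c
    }
    $runs = @([regex]::Matches($lower, '[a-z]+|[0-9]+') | ForEach-Object { $_.Value })
    $covered    = 0
    $sequential = $runs.Count -gt 0
    foreach ($run in $runs) {
        $covered += $run.Length
        if (-not ($sequences | Where-Object { $_.Contains($run) })) { $sequential = $false }
    }
    if ($sequential -and $covered -eq $lower.Length) {
        $reasons += 'made only of sequential characters'
    }

    # Item 8: the site's own name used as the password.
    $site = ($SiteName.ToLowerInvariant() -split '\.')[0]
    if ($site -and $lower.Contains($site)) { $reasons += "contains site name '$site'" }

    [pscustomobject]@{ Password = $Password; Weak = $reasons.Count -gt 0; Reasons = $reasons }
}

# Sample input: entries from the list above plus the random-looking example.
'pass@word1', 'P@ssw0rd', '87654321', 'qwerty12345', 'rockyou', 'gILa$2(vk_q0' |
    ForEach-Object { Test-WeakPassword -Password $_ -SiteName 'RockYou.com' }
```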

How to Manage Admin Users?

Try to disable the Domain Admin and create a new user as a domain admin. The Domain Admin in Active Directory is “Administrator”, so if you are at Microsoft Corp, the login would be something like “MICROSOFT\administrator”. Before you disable the Domain Admin, create a new standard user, for example “MICROSOFT\pegasus” or “MICROSOFT\superman”, and use the tips above to create its password. Add this user to the “MICROSOFT\Administrators” and “MICROSOFT\Domain Admins” groups, or any other groups equivalent to “MICROSOFT\Administrator”, and then you can disable “MICROSOFT\administrator”.

 

If you have other products like SQL Server, SharePoint, or even ForeFront, or any product that requires an administrator user, specify a separate admin for each one. Don’t use “MICROSOFT\Administrator” or “MICROSOFT\superman” or anything equivalent to Domain Admins. For example, specify “Microsoft\SQLServerAdmin” for SQL Server, “Microsoft\SPSAdmin” for SharePoint, etc.
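The steps above can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed and the session has domain admin rights, and it reuses the post's sample names (pegasus, SQLServerAdmin, SPSAdmin).

```powershell
# Added example; run from an elevated session with the ActiveDirectory module (RSAT).
# 'pegasus', 'SQLServerAdmin' and 'SPSAdmin' are the sample names used in the post.
Import-Module ActiveDirectory

# 1. Create the replacement admin as a standard user, then add it to the admin groups.
$pw = Read-Host -Prompt 'Password for pegasus' -AsSecureString
New-ADUser -Name 'pegasus' -SamAccountName 'pegasus' -AccountPassword $pw -Enabled $true
Add-ADGroupMember -Identity 'Domain Admins'  -Members 'pegasus'
Add-ADGroupMember -Identity 'Administrators' -Members 'pegasus'

# 2. Confirm the new account really is in Domain Admins before touching the old one,
#    so the domain is never left without a working admin.
$members = Get-ADGroupMember -Identity 'Domain Admins' -Recursive
if ($members.SamAccountName -notcontains 'pegasus') {
    throw 'pegasus is not in Domain Admins; leaving the built-in Administrator enabled.'
}

# 3. Disable the built-in Administrator. It is addressed by its well-known RID (500)
#    so the script still finds it if the account has been renamed.
$domainSid = (Get-ADDomain).DomainSID.Value
Disable-ADAccount -Identity "$domainSid-500"

# 4. One dedicated account per product, created as standard users (no admin groups).
$serviceAccounts = 'SQLServerAdmin', 'SPSAdmin'
foreach ($svc in $serviceAccounts) {
    $svcPw = Read-Host -Prompt "Password for $svc" -AsSecureString
    New-ADUser -Name $svc -SamAccountName $svc -AccountPassword $svcPw -Enabled $true
}

# 5. Check: no product account may appear in Domain Admins. Any output is a finding.
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $serviceAccounts -contains $_.SamAccountName } |
    Select-Object SamAccountName, distinguishedName
```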

Happy configuring…

Optimizing and Improving SharePoint Performance from SQL Server

So, there are some ways to optimize and improve SharePoint (any edition), and doing it from SQL Server is one of them. The key question is: where are your MDFs (MDF is the file extension for SQL Server data files) and LDFs (LDF is the file extension for SQL Server log files) located? What happens if I lose my MDFs? Or what happens when I lose my LDFs? What path should I take to make SharePoint much faster?

Oct 20, 2010

Advanced Download Flash Video Streaming using Fiddler2

Fiddler2 is a web debugging tool that you can use to view request or response headers, and to create your own response or request headers. But what if you want to use it for fun, not just for debugging the web? You can use Fiddler2 to download Flash Video Streaming! I haven’t tested it yet on YouTube, but DailyMotion.com works just fine. Just download Fiddler2 from their website; find it on Google or go through this link: http://www.fiddler2.com/fiddler2/.

How to use it? Follow these steps to download Flash Video Streaming…

Run “Fiddler2”.

Click the “Filters” tab to set a filter, and check the “Use Filters” checkbox.

Put a checkmark on this field under “Request Header”, and set the textbox to “.flv” or any other Flash video extension you want to download. You can add other filters to make the session results better, like “Show only Internet Explorer traffic”.

Make sure that “File” > “Capture Traffic” is checked.

Open IE and start browsing for the Flash video. When you finally find your video, open it and stream it in IE.

Back in Fiddler2, you can see 2 sessions opened.

You can copy the URL and paste it into a download manager. You can use “Query Size” if you are using Free Download Manager.

If the size is reasonable for a video, you can click OK to download the file directly. Otherwise, look at the other session captured in Fiddler2, copy its URL, and query the size again.

Note that you can use Fiddler2 to get the URL and then download it via a download manager.

 

UPDATE:

Note that you can download videos from other sites with these filter settings in Fiddler2:

  1. DailyMotion.com: try changing the text to “.mp4” or “.flv”.
  2. Youtube.com: try looking for the text “/videoplayback?”. To verify whether it is the video or not, first click the session opened in Fiddler, then click the “Inspectors” tab. In the Response Headers section, look at the Content-Type, usually “video/x-flv”.

UPDATE (AGAIN):

There’s an incoming problem from Anonymous: he/she needs to download a video from a website, at http://egotastic.com/2011/12/2-random-minutes-with-leilani-dowding-video/. Let’s take a look at the pictures below; the images will tell you much….

Make sure no filters are attached.

Refresh the page and play the video again to capture all the HTTP traffic…. Captured, and that’s it: find the /videoplayback? URL, and I found it!

To make sure it’s the video, look at the Inspectors tab, under Response Headers: the content type is video/flv or video/x-flv.

Right-click that response and copy the URL.

Paste it into your favorite download manager (mine is Free Download Manager) and start downloading…

And when it has finished, look at your saved videos…. voilà!

Oct 19, 2010

Impersonate Active Directory Account when Connecting to Database using Windows Authentication

Lately I’ve had a little problem, not a major one, but I’m not comfortable with it and have to get used to it. Suppose we want to connect to a SQL Server database and have no option except Windows Authentication. But this SQL Server is in another domain. You could try to use Windows Authentication, but the User name and Password fields are grayed out. For example, my notebook isn’t joined to the other domain (the logged-on user is RADIT\raditz), and I need to connect to a SQL Server in a different domain (suppose the domain user to connect as is CONTOSO\admin). Use the following command line:

RUNAS /user:CONTOSO\admin /netonly "<the SQL Management Studio exe path>"

RUNAS /user:CONTOSO\admin /netonly "D:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe"

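You’ll be asked for the password, and the application will run with that user account. With /netonly, the credentials are used for network connections only; on the local machine the program still runs as your logged-on user.

Don’t worry, just enter the SQL Server name and click Connect.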

Oct 16, 2010

Remove HTML Tags when Obtaining Text from SharePoint Field

This is one simple trick to use when you start developing SharePoint Web Parts. When you want to get the text of, let’s say, the “Page Content” field of a Pages library, or any other HTML-formatted text field, and you want it without the formatting, here is the trick.

You can use SPHttpUtility.ConvertSimpleHtmlToText with 2 arguments: the HTML-formatted text and the maximum length. You can also use other SPHttpUtility methods, or other classes in Microsoft.SharePoint.Utilities, for other tricks. You don’t need to write any further code to get this and that; just look in Microsoft.SharePoint.Utilities and you’ll find the tricks.