daGrind
10Feb/100

DPAPI

I wrote this documentation and project years ago and found it while looking through some of my archives last night. It probably still has some mileage left and might be useful to someone setting up DPAPI. You can download the binaries or source code below.

Download Binaries | Source

DPAPI Setup

1. Create the directory C:\DPAPI and copy the contents from the DPAPI directory (found in DPAPIBinaries.zip) into the new directory.

2. Create a local Windows account that will be used to run the Enterprise Services Application and Windows Service with the username DPAPIAccount. Make sure to uncheck the User must change password at next logon check box and check the Password never expires check box. Use the Local Security Policy tool in the Administrative Tools programs group to give the account the Log on locally and Log on as a batch job privileges.

You must log off with your current account and log in as the DPAPIAccount user to create the user profile. Once you have logged in as the DPAPIAccount user you can then log off and log back in as your normal account.

3. Open a command prompt and run the following command to register the serviced component.

regsvcs C:\DPAPI\DPAPIComp.dll

4. Open the Component Services management console and navigate to the Component Services->Computers->My Computer->COM+ Applications folder. Right-click on the DPAPI Helper Application application and select the Properties menu option.

6. Click on the Identity tab and select the This user radio button. Enter the MachineName\DPAPIAccount username and password and then click on the OK button.

7. Expand the DPAPI Helper Application->Roles folder. You will need to add the users to the Roles\Users nodes that will need access to encrypt and decrypt. All users that need access to encrypt and/or decrypt must also be added to the Marshaler\Users node.

Add the MachineName\ASPNET ("NETWORK SERVICE" in IIS 6.0) user to all three groups for this example since we will test encrypting and decrypting through an ASP.NET application.

8. Open a command prompt and run the following command to install the Windows service.

installutil C:\DPAPI\DPAPIService.exe

Enter the MachineName\DPAPIAccount ("NETWORK SERVICE" in IIS 6.0) username and password and click the "OK" button.

9. Open the Services management console and start the DPAPI Service service.

10. Open the IIS management console and add a new virtual directory named DPAPIWeb.

11. Copy the contents from the DPAPIWeb directory (found in DPAPIBinaries.zip) into the new virtual directory.

12. Open http://localhost/DPAPIWeb/WebForm1.aspx in a browser and test encrypting and decrypting. Obviously, you would want to make sure that this application was not accessible outside of the local server.
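
The kind of call a helper component like this makes for its callers can be sketched with the .NET 2.0 ProtectedData class. This is an added example, not the downloadable project's source; it assumes the user store (DataProtectionScope.CurrentUser), where the blob is tied to the profile of the account the component runs as, and the names DpapiSketch, Encrypt, TryDecrypt and the entropy string are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added sketch, not the project's source. Needs a reference to System.Security.dll.
static class DpapiSketch
{
    // Hypothetical per-application entropy: other code running as the same
    // account must supply the same bytes to unprotect the blob.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app-entropy");

    public static string Encrypt(string plainText)
    {
        byte[] clear = Encoding.UTF8.GetBytes(plainText);
        // Assumed scope: CurrentUser binds the blob to the calling account's profile.
        byte[] blob = ProtectedData.Protect(clear, Entropy, DataProtectionScope.CurrentUser);
        return Convert.ToBase64String(blob);
    }

    // Returns null when the text is not Base64, the blob was altered,
    // the entropy differs, or the caller is a different account.
    public static string TryDecrypt(string base64Blob)
    {
        try
        {
            byte[] blob = Convert.FromBase64String(base64Blob);
            byte[] clear = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(clear);
        }
        catch (FormatException) { return null; }
        catch (CryptographicException) { return null; }
    }

    static void Main()
    {
        // Constructed sample value, not taken from the project.
        string secret = "Server=db01;User Id=app;Password=constructed-sample";
        string stored = Encrypt(secret);
        Console.WriteLine("round trip ok: {0}", TryDecrypt(stored) == secret);

        // DPAPI blobs are integrity-protected: change one byte and decryption fails.
        byte[] tampered = Convert.FromBase64String(stored);
        tampered[tampered.Length / 2] ^= 0x01;
        string result = TryDecrypt(Convert.ToBase64String(tampered));
        Console.WriteLine("tampered blob rejected: {0}", result == null);
    }
}
```

A blob produced under one account returns null from TryDecrypt under any other account, so access to the plaintext is controlled by who may call the component, not by who can read the stored blob.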

17Oct/070

Transcender Exam Preparation & Vista

If you use the Transcender Exam Preparation software on Windows Vista and have problems activating/using your practice exams then follow these steps.
1. Right-click on the "Transcender Exam Preparation" shortcut and select "Properties".
2. Click on the "Compatibility" tab.
3. Click the "Run this program in compatibility mode for:" and select "Windows 98 / Windows Me" in the "Compatibility mode" section.
4. Click "OK".


You should now be able to activate and use your practice exams.

22May/070

Internet Explorer 7, Outlook 2007, Windows RSS Platform

I do not know everything about this topic, but here are some of my thoughts from my experiences. I really enjoy listening to Hanselminutes and .NET Rocks! on my Zune as I code or commute. The ability to download enclosures from an RSS feed is great and can make the task of keeping my Zune synced up with the latest episodes a breeze. You can configure IE 7 to download enclosures automatically.

Configure IE 7 Feed Enclosure Downloads
1. Subscribe to a feed that offers enclosures in IE 7, like .NET Rocks!:
http://www.pwop.com/feed.aspx?show=dotnetrocks&filetype=master
2. Open the Favorites Center and click on the Feeds tab.
3. Right-click on the feed that you subscribed to in the first step and click on the "Properties..." menu option.
4. Click on the "Automatically download attached files" checkbox.
5. Click on the OK button.

The feed's enclosures will be automatically downloaded the next time that the feed is checked. The following directories are where the feeds and enclosures are stored on Windows Vista.

Feeds (.feed-ms)
C:\Users\username\AppData\Local\Microsoft\Feeds

Enclosures
C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Enclosure\{76E975B3-71EA-4820-85D6-BB6D878879E3}

I do not like that the enclosures are stored in the "Temporary Internet Files" directory and that this location is not configurable. The enclosure files are not deleted when you use the "Delete Browsing History" dialog to delete all browsing history. So you could configure your Zune to sync files with the Enclosure directory or a specific GUID enclosure directory. You can find the enclosure directory name for a specific feed by clicking on the "View Files" button next to the "Automatically download attached files" checkbox described in step 4 (configuring feed enclosure downloads).

I know that I could write a FileSystemWatcher or use the COM object provided by the Windows RSS Platform to set up events to monitor the downloading of enclosures. This seems like a lot of work for something that in my opinion should be configurable in the feed's properties dialog.

I know that you can use the Outlook 2007 "Sync RSS Feeds to the Common Feed List" option and also enable the downloading of enclosures. The enclosures downloaded in Outlook 2007 are stored in a .PST file. I have also read about issues with very large personal folder files in Outlook 2007 where the size is greater than 2GB. The .PST file for a feed like .NET Rocks! would easily be larger than 2GB and could possibly cause performance issues in Outlook 2007. It would have been nice if IE7 and Outlook 2007 had both used the same store instead of smoke and mirrors to "sync" the feeds.

Conclusion
I like the ability to use IE7 and Outlook 2007 to manage my RSS subscriptions, since I already use both of those applications daily. I am not a huge fan of installing other software that is only going to bloat my system, especially those that need to auto start or run as services and will consume extra memory or CPU resources that I would rather leave for more productive work. The only complaint that I have currently with either is how enclosures are handled, but IE7 does offer a way for me to get at the enclosures. I have more thoughts on this subject and will post more information about those thoughts as I have time.

Alternatives
There are really good RSS readers, like RSS Bandit and Attensa, that allow you to configure the directory that enclosures should be downloaded into.

14May/070

XmlSiteMapProvider – Query String Support

Most of the ASP.NET applications that I create have some type of a menu and the menu is typically dynamic. When I say dynamic I mean that the menu items are usually dependent on the user's current location in the application and sometimes require query strings (i.e. the Id of a photo album). The default XmlSiteMapProvider is nice and can be very useful coupled with the securityTrimmingEnabled attribute (the provider model is very awesome...thank you Rob Howard). However, the default XmlSiteMapProvider does not offer any support for query strings.

I wanted a solution that would allow me to use the existing .sitemap format, automatically add query strings to menu items, hide menu items if those query strings were not available, and not require creating any custom controls. I first looked at the SiteMapProvider.SiteMapResolveEventHandler event, but this option would only work if I was using the SiteMapPath control. I then decided to see what was overridable in XmlSiteMapProvider since that provider did exactly what I wanted with the exception of handling query strings. I came up with the class below that handles all of my requirements and simply added the new provider to the SiteMap providers in the web.config. You can download a small sample application here.

using System;
using System.Web;
using System.Collections.Specialized;

public class XmlQueryStringSiteMapProvider : XmlSiteMapProvider
{
    /// Gets the root node of the site map.
    public override SiteMapNode RootNode
    {
        get
        {
            // Get the root node
            SiteMapNode root = base.RootNode;

            // Make sure we have a valid root node object
            if (root == null)
                return null;

            // Clone the root node
            SiteMapNode tempNode = root.Clone();

            // Check to see if this node requires a query string
            string qs = GetQueryString(tempNode);
            if (!string.IsNullOrEmpty(qs))
                tempNode.Url += qs;

            return tempNode;
        }
    }

    /// Retrieves the child site map nodes of a specific SiteMapNode object.
    public override SiteMapNodeCollection GetChildNodes(SiteMapNode node)
    {
        // Make sure we have a valid node
        if (node == null)
            throw new ArgumentNullException("node");

        // Build the site map
        this.BuildSiteMap();

        // Get a collection of all child nodes
        SiteMapNodeCollection collection = base.GetChildNodes(node);

        // Make sure we have a valid collection of child nodes
        if (collection == null)
            return new SiteMapNodeCollection();

        // Create a new collection that will hold the final nodes
        SiteMapNodeCollection nodes = new SiteMapNodeCollection(collection.Count);
        foreach (SiteMapNode n in collection)
        {
            // Clone the current node
            SiteMapNode tempNode = n.Clone();

            // Make sure this node is accessible
            if (base.SecurityTrimmingEnabled && !n.IsAccessibleToUser(HttpContext.Current))
                continue;

            // Check to see if this node requires a query string
            string qs = GetQueryString(tempNode);
            if (!string.IsNullOrEmpty(qs))
                tempNode.Url += qs;
            else if (n["required"] == "true" && !string.IsNullOrEmpty(n["queryString"]))
                continue; // Do not add this node to the collection

            nodes.Add(tempNode);
        }

        return SiteMapNodeCollection.ReadOnly(nodes);
    }

    /// Creates a query string based on the node settings.
    private string GetQueryString(SiteMapNode node)
    {
        // Check to see if this node requires query string values
        if (node["queryString"] == null)
            return null;

        // Get a list of the query string names
        NameValueCollection values = new NameValueCollection();
        string[] vars = node["queryString"].Split(",".ToCharArray());

        // Check to see if we have values for the query string names
        foreach (string s in vars)
        {
            string var = s.Trim();

            // Check to see if the query string value exists
            if (HttpContext.Current.Request.QueryString[var] == null)
                continue;

            // Add the query string value to the collection
            values.Add(var, HttpContext.Current.Request.QueryString[var]);
        }

        if (values.Count == 0)
            return null;

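        // Build the query string. Request.QueryString returns decoded values,
        // so URL-encode each name and value before writing them into the URL.
        string[] parts = new string[values.Count];

        for (int i = 0; i < values.AllKeys.Length; i++)
            parts[i] = HttpUtility.UrlEncode(values.AllKeys[i]) + "=" +
                HttpUtility.UrlEncode(values[values.AllKeys[i]]);

        return "?" + String.Join("&", parts);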
    }
}

5May/070

Visual Studio 2005 – Recent Projects (Update)

I have updated the Recent Projects tool that I created to support Orcas. You can download the Recent Projects application here.

2May/070

Silverlight 1.0 Beta – Hello World

Here is my first Silverlight 1.0 Beta page. Orcas is finishing installing as we speak and then I have a few ideas that I would like to implement using Silverlight 1.1 Alpha. I experienced the same issue and resolution that Rick Strahl has documented in his blog entry.

UPDATE: Removed the link to my Silverlight 1.0 Beta.

1May/070

Visual Studio 2005 – Recent Projects

I do not know about you, but I like to have full control over everything and it drives me crazy that Visual Studio 2005 does not offer an easy way to delete items from the Recent Projects list on the start page from within the IDE. I did a little looking around and see that the list of projects is stored in the registry.

Visual Studio 2005
HKCU\Software\Microsoft\VisualStudio\8.0\ProjectMRUList

Microsoft Visual C# 2005 Express Edition
HKCU\Software\Microsoft\VCSExpress\8.0\ProjectMRUList

Visual Web Developer 2005 Express Edition
HKCU\Software\Microsoft\VWDExpress\8.0\ProjectMRUList

I created a very simple .NET 2.0 Windows application that allows you to delete specific projects or clear an entire list of projects for a specific version of Visual Studio 2005. This is really nice because the key names must be sequentially named/numbered (i.e. File1, File2, File3). Who wants to go into regedit and manually rename "File3" through "File10" after deleting "File2"? This application makes managing the recent project lists a quick and painless task. You can download the Recent Projects application here. Please feel free to download and use this application. This application requires Windows and the .NET Framework 2.0.

I am downloading the bits for Orcas Beta 1 and will see if they have addressed this issue or if I need to add support to my Recent Projects application.

30Apr/070

Silverlight 1.1 Alpha

Silverlight 1.1 Alpha was released today after the announcement by Scott Guthrie at MIX07 that Silverlight will also have .NET support! You really must see the video that shows Top Banana, an incredible demo of what Silverlight can be used to create. You can view the Top Banana demo video here.

Mike Harsh has a lot of great information on his blog about Silverlight and Brad Abrams posted a nice high-res Silverlight poster! I am looking forward to playing around with Silverlight 1.1 Alpha!

29Apr/070

Silverlight

I am really looking forward to seeing the new/updated Silverlight sites tomorrow!

http://www.microsoft.com/silverlight
http://www.silverlight.net

I learned more about IIS 7 and PowerShell this weekend. I will blog more about these as I have more time. As an ASP.NET developer I really like all of the new features of IIS 7 and as a .NET developer how cool is PowerShell!

6Sep/050

Keeping Windows Secure

Introduction
I am constantly looking for the best ways to keep Windows secure against potential attacks and exploits. I have used Windows XP since RC1 and because I also manage multiple Windows Server 2003 servers, security is always the first step I take after installing Windows XP/Server.

The steps described below are ones I practice at work and at home. Although they directly apply to Windows XP Pro and Windows Server 2003, these steps can also be applied to some extent to other versions of Windows. Since using these, I have never had a virus, and the servers that I manage have never been penetrated even though attempts have been made.

I will continue to add items to this page as I become aware of new practices and better ways to keep Windows secure. Please feel free to send me information on ways that you keep your systems secure.

Rename Default Administrator User
Rename the default Administrator user to something else. Set up a user with the username of ‘Administrator’ and add it only to the Users group. Disable this account. This will help with quickly seeing what attempts have been made to log in with the ‘Administrator’ username.

Now you need to add a user that is a member of the Users group and this will become your main login. The objective of this account is to run with the least amount of privileges that are needed for the majority of operations. I am a big advocate of running with least privileges and believe there is never a good reason to have your main login be a member of the Administrators group. You can always use “Run As…” when you need to run a process that requires higher privileges.

Enable Auditing & Hide Last Login Username
1. Open the Local Security Policy application in Administrative Tools.
2. Expand the Local Policies node.
3. Click on the Audit Policy node.
4. Double click, or right click and select Properties, on the ‘Audit account logon events’ item.
5. Check both the ‘Success’ and ‘Failure’ checkboxes.
6. Click on the OK button.
7. Click on the ‘Security Options’ node.
8. Double click, or right click and select Properties, on the ‘Interactive logon: Do not display last user name’ item.
9. Click on the ‘Enabled’ radio button.
10. Click on the OK button.
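
With the disabled decoy account in place and auditing enabled, attempts against it are recorded as failure audits in the Security log. The following added example (not part of the original post) lists them with System.Diagnostics.EventLog; the class name DecoyLogonReport is hypothetical, and it assumes the decoy is named 'Administrator' and that the program runs under an account allowed to read the Security log.

```csharp
using System;
using System.Diagnostics;

// Added sketch: lists failed logon audits that name the decoy account.
static class DecoyLogonReport
{
    // Assumption: the disabled decoy account keeps the default name.
    const string DecoyName = "Administrator";

    // Audit events carry the attempted user name as one of their insertion
    // strings. Matching there avoids depending on event IDs, which differ
    // between Windows versions.
    static bool NamesDecoy(EventLogEntry entry)
    {
        foreach (string value in entry.ReplacementStrings)
        {
            if (string.Equals(value, DecoyName, StringComparison.OrdinalIgnoreCase))
                return true;
        }
        return false;
    }

    static void Main()
    {
        int hits = 0;
        using (EventLog security = new EventLog("Security"))
        {
            foreach (EventLogEntry entry in security.Entries)
            {
                // Only failed attempts that mention the decoy are of interest.
                if (entry.EntryType != EventLogEntryType.FailureAudit || !NamesDecoy(entry))
                    continue;

                hits++;
                Console.WriteLine("{0:u}  event {1}  {2}",
                    entry.TimeGenerated,
                    entry.InstanceId,
                    string.Join(" | ", entry.ReplacementStrings));
            }
        }
        Console.WriteLine("{0} failed attempt(s) against '{1}'", hits, DecoyName);
    }
}
```

Because no legitimate user ever logs in as the decoy, every line this prints is worth a look; the other insertion strings printed alongside the name show whatever origin details the event recorded.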

Hide Administrator User From Interactive Login Screen (Windows XP)
Hide the real administrator user from the login screen.
1. Click on Start->Run…
2. Type ‘regedit’ and then click on the OK button.
3. Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Special Accounts\UserList\
4. Right click on the UserList key and select the ‘New->DWORD Value’ menu option.
5. For the value’s name, enter the username of the user that is a member of the Administrators group.
6. Make sure the value is set to 0.

If you are using the Windows XP "Welcome screen" then you can press CTRL+ALT+DELETE twice to open the traditional login dialog box that will allow you to enter any username.

Windows Automatic Updates
Enable Windows Automatic Updates
1. Start->Control Panel->Automatic Updates
2. Select the ‘Automatic’ option and select ‘Every day’ at an off-peak time.

Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
This is an incredible tool that will analyze your system and give you a detailed report about your system’s security.

Use New Setup
Now you need to reboot and this time log in with your newly created user that is a member of the Users group and not the Administrators group.

Visual Studio
If you are using a user that is a member of the Users group and want to use the Visual Studio .NET 2002/2003 debugger, you will need to make sure that your user is also a member of the ‘Debugger Users’ group. You will need to log off and then log in again. There are extra steps that need to be taken if you want to debug an ASP.NET site.