Archive for October, 2009

New Photography

935 days

by musashi in Photography

Prints are also available from DeviantArt

I’ve finally gotten around to posting a beer recipe (with the help of some prodding from a friend). You can find it under the ‘Homebrewing’ section of the project index -or- alternatively, by clicking here. There’s only one recipe posted, but I’ll get around to posting some more later on.

Home Brewing Homebrew

How to upgrade ClamAV on Ubuntu (Intrepid)

954 days

by musashi in I.T.

On October 5th, the Clam Antivirus team announced that ClamAV 0.94.x is now entering its end-of-life phase. What’s worse, versions of ClamAV earlier than 0.95 will no longer be able to receive CVD updates; basically rendering any older versions of ClamAV nearly worthless. This is all supposed to happen by April 2010—soon. You can read more about it here.

Good news though, the upgrade process on Ubuntu is pretty easy:

If you haven’t already done so, enable the ‘backports‘ repo by editing your /etc/apt/sources.list file and uncommenting (or, inserting) the following two lines:

deb http://us.archive.ubuntu.com/ubuntu/ intrepid-backports main restricted universe multiverse

deb-src http://us.archive.ubuntu.com/ubuntu/ intrepid-backports main restricted universe multiverse

Then, resynchronize the package index files with the following command:

sudo apt-get update

Next, upgrade ClamAV:

sudo apt-get install clamav-daemon

This command will [sometimes] install apparmor as well; I don’t use apparmor so I uninstall it afterwards:

/etc/init.d/apparmor stop

update-rc.d -f apparmor remove

apt-get remove apparmor apparmor-utils

That’s all there is to it!

root@localhost:~# clamd -V

ClamAV 0.95.2/9874/Thu Oct  8 06:24:12 2009

ClamAV GNU/Linux I.T. Ubuntu

Adding “Trusted Sites” to Internet Explorer, via the registry

960 days

by musashi in I.T.

A while ago I needed to add a list of websites to the Internet Explorer’s “Trusted Sites” zone for multiple users, scattered across multiple terminal servers. IE’s “Enhanced Security Configuration” (ESC) is configured by default on windows terminal services and it’s normally a good idea to leave it intact.

However, this can have unintended consequences for users who require the use of websites that employ ActiveX, javascript, etc. because, by default, ESC does not allow those items to run. Sometimes, this means that the site in question will only be partially non-functioning. Other times, the entire site will be completely unusable. Furthermore, most users on terminal services have only a limited ability to actually modify the settings for an entire zone. Normally the best thing they can do is add the site to their trusted sites zone, if in fact the site is legitimate (i.e., “trusted”).

Originally, I explained to the users the steps involved in adding a site to their trusted sites, however many of the users used many of the same websites that other users were using. Also, new users needed to be trained on how to do this as well. Needless to say, it got very repetitive, very fast; so I came up with a “global” list of sites that can be trusted, and imported them to the registry on each terminal server. The list consisted of about 40+ sites, and I was able to generate the list mostly by exporting the following registry key:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains

…from a few user accounts who had already added most of the sites to their trusted sites zone. After grepping out the duplicates (among other things), I had my list.

Now, I’m going to cover two ways of making this list of domains “globally trusted”—both of them involve writing to the following registry key:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains

Pay attention! This is not the same key as previously mentioned. This key resides in the ‘HKEY_LOCAL_MACHINE’ hive, whereas the previous key resides in the ‘HKEY_CURRENT_USER’ hive.

The first way is via the following visual basic script:

Option Explicit

Dim DomainArray(5), strComputer, strHTTP, strHTTPS
Dim dwordZone, regPath, objReg, counter, subkeyPath
Dim subkeyValue
Const HKEY_LOCAL_MACHINE = &H80000002

DomainArray(0) = "testdomain0.com"
DomainArray(1) = "testdomain1.com"
DomainArray(2) = "testdomain2.com"
DomainArray(3) = "testdomain3.com"
DomainArray(4) = "testdomain4.com"

strComputer = "."
strHTTP = "http"
strHTTPS = "https"
dwordZone = "2"
regPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" &_
        "\ZoneMap\EscDomains\"
Set objReg = GetObject("winmgmts:{impersonationLevel = impersonate}!\\" & _
        strComputer & "\root\default:StdRegProv")

For counter = 0 to 4
        subkeyPath = regPath & DomainArray(counter)
        objReg.CreateKey HKEY_LOCAL_MACHINE,subkeyPath
        objReg.SetDWORDValue HKEY_LOCAL_MACHINE,subkeyPath,strHTTP,dwordZone
        objReg.SetDWORDValue HKEY_LOCAL_MACHINE,subkeyPath,strHTTPS,dwordZone
Next

This script will insert ‘testdomain0.com’, ‘testdomain1.com’, [...] into IE’s trusted sites zone when run on any machine. It must be run by an Administrator (or another user who has access to write to the HKEY_LOCAL_MACHINE registry hive), and the changes are global (to the machine).

The next way involves creating a “registry entries” (.reg) file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\testdomain0.com]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\testdomain1.com]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\testdomain2.com]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\testdomain3.com]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\testdomain4.com]
"http"=dword:00000002
"https"=dword:00000002

Just like the previous script, this must also be run by a user with Administrator privileges and any changes will be global to all users on the machine.

(Of course, you would want to customize these snippets of code to suit your needs.)

For more information, please visit the following sites:

Internet Explorer Enhanced Security Configuration changes the browsing experience
Enhanced Security Configuration for Internet Explorer
Internet Explorer security zones registry entries for advanced users

I.T. registry Windows

PolitiFact Articles
Unknown Feed
Unknown Feed
Tags
Athena & Mathilda Autoresponse Balls Deep Beer Birthday Books Bowling Brewglass Camping Chesapeake Bay Development dogs Fall Fondue FUD Gatherings/Parties GNU/Linux Homebrew Home Brewing HowToForge I.T. Iraq Keller Williams Kensington MAS 90 MAS 200 Nefaria.com Outdoors Party Pasadena Photography Pictures postfix Programming / Scripting Projects Rants Rockband2 Science Shooting Summer Terminal Services Tubing Very first post! Wedding Windows
October 2009

M T W T F S S

« Sep Nov »

1 2 3 4

5 6 7 8 9 10 11

12 13 14 15 16 17 18

19 20 21 22 23 24 25

26 27 28 29 30 31
Sitemap:
- About/Bio
- Project Index

October 2009
M	T	W	T	F	S	S
« Sep		Nov »
	1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Go to Top

Archive for October, 2009

New Photography

Recipe for IPA v.2 posted

How to upgrade ClamAV on Ubuntu (Intrepid)

Adding “Trusted Sites” to Internet Explorer, via the registry

PolitiFact Articles

Unknown Feed

Unknown Feed

Tags

Sitemap: