2010年12月28日火曜日

Windows 7 & Windows Server 2008 R2 快速設定流程

[2011/03/15 Update]
Windows 7:
control userpasswords2
Desktop(Right Click) -> View -> Small icons
                        Auto arrange icons -> Selected
Recycle Bin(Right Click) -> Properties -> Don't move files to the Recycle Bin. Remove files immediately when deleted.
Control Panel -> View by: Small icons
                 AutoPlay -> Use AutoPlay for all mdeia and devices -> Not selected
                 Notification Area Icons -> Turn system icons on or off -> Action Center -> Off
                 Power Options -> Balanced(recommended) -> Change plan settings -> Change advanced power settings -> Display -> Turn off display after -> Setting: Nerver(0)
                                                                                                                     Hard disk -> Turn off hard disk after -> Setting: Nerver(0) // WS2008R2 Default
                                                                                                                     Sleep -> Sleep after -> Setting: Nerver(0) // WS2008R2 Default
                                                                                                                     POWERCFG -H OFF
                 System -> Advanced system settings -> System Protection -> Configure -> Turn off system protection // WS2008R2 n/a
                                                       Remote -> Allow Remote Assistance connections to this computer -> Not selected // WS2008R2 n/a
                 User Accounts -> Change User Account Control settings -> Never notify
Folder Options -> View -> Advanced settings -> Hidden files and folders -> Show hidden files, folders, and drives
                                               Hide extensions for known file types -> Not selected
                                               Hide protected operating system files (Recommended) -> Not selected
                                               Launch folder windows in a separate process -> Selected
                                               Show encrypted or compressed NTFS files in color -> Not selected
                                               Use Sharing Wizard (Recommended) -> Not selected
Internet Options -> Home page -> Use blank
                    Browsing history -> Delete browsing history on exit -> Selected
                                        Delete... -> Form data -> Selected
                                                     Passwords -> Selected
                                                     InPrivate Filtering data -> Selected
Taskbar and Start Menu -> Lock the taskbar -> Selected // WIN7 Default
                          Auto-hide the taskbar -> Selected
                          Use small icons -> Selected
services.msc -> Security Center -> Disabled // WS2008R2 n/a
                Windows Defender -> Disabled
                Windows Firewall -> Disabled
taskschd.msc -> Task Scheduler (Local) -> Task Scheduler Library -> Microsoft -> Windows -> Defrag -> ScheduledDefrag -> Disabled
                                                                                            Maintenance -> WinSAT -> Disabled // WS2008R2 n/a
Computer Name & Workgroup
HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows NT -> CurrentVersion -> RegisteredOwner
                                                                               RegisteredOrganization
Windows Server 2008 R2:
control userpasswords2
Administrative Tools -> Local Security Policy -> Account Policies -> Password Policy -> Maximum password age -> 0
                                                 Local Policies -> Security Options -> Interactive logon : Do not require CTRL+ALT+DEL -> Enabled
                        Server Manager -> Server Summary -> Computer information -> Do not show me this console at logon -> Selected
                                                            Security Information -> Configure IE ESC -> Administrators: -> Off
                                                                                                        Users: -> Off
                                          Features Summary -> Add Roles -> File Services -> Windows Search Service -> Selected
                                                              Add Features -> Desktop Experience -> Selected
                                                                              Wireless LAN Service -> Selected
Control Panel -> System -> Advanced system settings -> Advanced -> Performance Settings -> Visual Effects -> Adjust for best appearance
                                                                                           Advanced -> Processor scheduling -> Programs
                                                                                           Date Execution Prevention -> Turn on DEP for essential Windows programs and services only
gpedit.msc -> Computer Configuration -> Administrative Templates -> System -> Display Shutdown Event Tracker -> Disabled
services.msc -> Themes -> Automatic
                Windows Audio -> Automatic
其它設定:
regedit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Administrative Tools -> Local Security Policy -> Network List Manager Policies -> Unidentified Networks -> Location type -> Private
                                                                                                           User permissions -> User cannot change location
                                                 Software Restriction Policies -> Additional Rules -> New Path Rule (Action -> New Software Restriction Policies)
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\WinSAT.exe // WS2008R2 n/a


Network and Sharing Center -> Change advanced sharing settings -> Home or Work -> HomeGroup connections -> Use user accounts and passwords to connect to other computers -> Selected // WS2008R2 n/a


C:\WINDOWS\system32\drivers\etc\hosts


cmd
set devmgr_show_nonpresent_devices=1
start devmgmt.msc

BOOTSECT.EXE /NT60 C:
BCDBOOT C:\WINDOWS /L JA-JP /S C:

2010年12月16日木曜日

AMD(ATI)人品測試程式

最近出了 10.12 就下載來試用
一樣不給安裝
安裝程式會找不到 Display Driver 和 CCC
於是使用強制安裝的方法
先執行安裝程式 10-12_vista64_win7_64_dd_ccc_enu.exe
解壓縮完後
開啟下列的檔案
C:\ATI\Support\10-12_vista64_win7_64_dd_ccc_enu\Config\InstallManager.cfg
WorkaroundInstall=true //把這行改成 true ; 預設值是 false
然後到這邊 C:\ATI\Support\10-12_vista64_win7_64_dd_ccc_enu
執行 setup.exe
這時 安裝時 就有 Display Driver 和 CCC 可以選了

中間有試用過移除驅動程式的軟體
結果更慘 連裝置管理員的驅動都不能安裝
後來不斷的嚐試後(也不知道做了什麼)
10.9 的 Driver 忽然安裝成功了
然後就用強制安裝法 把 10.9 的 Display Driver 和 CCC 都裝好了
本來不想無謂生事了(上面那些弄了4小時)
後來想說10.12也試一下強制安裝
結果就順利升級上去了

問題點的話
感覺是在於用了第3方清除驅動程式的軟體
可能清除了不該清除的東西(不過這也只是臆測-.-)
也可能 Windows 7 用太久了
常常安裝移除一大堆有的沒的
總之原因不明-.-
白白浪費了4小時= =

2010年12月15日水曜日

Debian 5.0.7 ssh 設定

//ssh 安裝方法
System -> Administration -> Syanaptic Package Manager
Search "ssh"
Mark for Installation "ssh"

vim /etc/ssh/sshd_config
Port 22 //改一下想要的 port 比較安全
PermitRootLogin no //禁止 root 登入

vim /etc/hosts.allow
sshd:192.168.0.0 //設定允許 ssh 連線的 ip

vim /etc/hosts.deny
sshd:all //設定不允許所有連線(不過 allow 裡的例外)

/etc/init.d/ssh restart //重新啟動
目前是使用這套 ssh 連線軟體(不過它也很久沒更新)
http://www.chiark.greenend.org.uk/~sgtatham/putty/

2010年12月11日土曜日

Debian 5.0.7 DHCP+NAT

首先 需要2張網路卡(VM下就新增一張就好)
//DHCP
System -> Administration -> Syanaptic Package Manager
Search "dhcp3-server"
Mark for Installation "dhcp3-server" //先安裝 dhcp3-server

vim /etc/network/interfaces //編輯網路卡位址(eth1)
auto eth1
iface eth1 inet static
address 192.168.10.254
netmask 255.255.255.0

/etc/init.d/networking restart //重新啟動網路

vim /etc/default/dhcp3-server //設定 dhcp3-server 使用的網路卡
INTERFACES="eth1"

vim /etc/dhcp3/dhcpd.conf
# option definitions common to all supported networks...
# option domain-name "example.org"; //這行要註解掉
# option domain-name-servers ns1.example.org, ns2.example.org; //這行要註解掉

# default-lease-time 600; //這行要註解掉
# max-lease-time 7200; //這行要註解掉

# A slightly different configuration for an internal subnet. //加入下面設定
subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.100 192.168.10.200; //IP 分配的範圍
  option domain-name-servers 168.95.192.1, 168.95.1.1; //這邊的 DNS 要看你的 ISP
  option domain-name "belldandy.org";
  option routers 192.168.10.254; //要和 eth1 的位垃相同 且不能在分配範圍
  option broadcast-address 192.168.10.255; //廣播位址 通常用最後一個
  default-lease-time 600;
  max-lease-time 7200;
  host vmbell { //設主機名稱 較容易辨識(這邊是發給機器固定的 ip 用的)
    hardware ethernet 00:0c:29:a3:4a:fd; //網路卡的 MAC
    fixed-address 192.168.10.x; //要設定的 ip (建議別設自動分配的範圍)
  }
}

/etc/init.d/dhcp3-server start //啟動 dhcp3-server
vim /var/lib/dhcp3/dhcpd.leases //紀錄發了哪些 ip
上面的操作都正確執行後
執行 pppoeconf 設定連線
然後安裝 Firestarter 來分享頻寬(圖形介面很方便)

2010年12月7日火曜日

TrueCrypt 7.0a 在 Debian 5.0.7 下的安裝方法

TrueCrypt 7.0a 在 Ubuntu(10.10) 下 直接安裝完就可以使用
但是在 Debian(5.0.7) 下安裝時 會少 2 個套件
這時手動安裝就好
System -> Administration -> Syanaptic Package Manager
Search "fuse-utils"
Mark for Installation "fuse-utils"

Search "cryptsetup"
Mark for Installation "cryptsetup"
裝好這 2 個就沒問題了
但是 如果你的加密磁區有 NTFS 格式的
還要加裝下面這個
Search "ntfs-3g"
Mark for Installation "ntfs-3g"
另外
非 root 登入的話
載入加密分割區似乎會有權限不足的問題(輸入 root 密碼還是不行)
在 Terminal 下
使用 su 取得管理員權限(需密碼)
truecrypt & (背景執行)
jobs -l (查詢背景執行的程式)
這樣就不會遇到上面的問題
只是要讀寫加密磁區的程式也必需從這邊執行
不然也是會遇到權限不足的問題