Thursday, February 28, 2008

Microsoft ISA 2006 and Publishing an SSL Website on an internal server

Microsoft IIS Server configuration

  1. If using manually created Certificates, install Certificate Services on the IIS Server.
  2. Configure Certificate Services using the internet published Domain name.
  3. On Web Site Properties and Web Site tab, ensure the site has the correct IP address of the Server and the correct SSL port 443.
  4. In Directory Security, select Edit under Authentication and access control. In Authentication Methods ensure only Integrated Windows Authentication is selected.
  5. On the folder and files containing the web site ensure the appropriate user group has Read & Execute (Domain users, Domain Staff etc.) permissions.
  6. Ensure the web server is set up with the ISA server's IP address as its Default Gateway.

Microsoft ISA Server 2006 configuration

1. Import the SSL Certificate onto the ISA Server that was created on the IIS Server.

2. Publish a secure web site with Microsoft ISA 2006.

3. Ensure the sections of the published secure web site firewall policy rule are:

  • General tab – name and enabled.
  • Action tab – Allowed and Log requests matching this rule.
  • From tab – the traffic from these sources – Anywhere.
  • To tab – published site – The public domain name of the site. (The HOSTS file maps the public domain name to the internal IP address of the web site; see later in the guide.)
    Forward the original host header and also select Requests appear to come from the ISA Server.
  • Traffic tab – The protocol should be HTTPS; do not select Require 128-bit encryption or Require SSL Client Certificate.
  • Listener tab – Select Properties
    i. Networks tab – External selected (All IP Addresses)
    ii. Connections tab – only Enable SSL (HTTPS) on port 443
    Leave Advanced setting to default – unlimited.
    iii. Certificates tab – Use a single certificate for this Web Listener and select the correct Certificate.
    iv. Authentication tab – for Client Authentication Method select HTML Form Authentication, and for Authentication Validation Method select Windows (Active Directory).
    Click Advanced – select Require all users to authenticate, SSL Client Certificate timeout – 300s and Validate credentials every – 300s.
    Select the correct Domain Name.
    v. Forms tab – Deselect Use customized HTML forms, in Display the HTML form in this language select Match user browser settings, deselect both password management settings. Click Advanced. Leave the defaults.
    vi. SSO tab – Do not enable Single Sign On.
  • Public Name tab – This rule applies to: select Requests for the following Web sites.
    In the Web site box enter in the public domain name.
  • Paths tab – External Path should be , Internal Path should be /*
  • Authentication Delegation tab – select NTLM authentication.
  • Application Settings tab – do not select Use customized HTML forms, in Logon type provided to the Exchange server – select As selected by user (public or private.)
  • Bridging tab – Ensure Web server is selected and Redirect requests to SSL port: 443.
  • Users tab – ensure the user set All Authenticated Users is selected.
  • Schedule tab – the schedule should be Always.
  • Link Translation tab – do not select Apply link translation to this rule.

4. In the Network configuration – Web Chaining, set up a bypass rule to retrieve requests directly from the specified destination. In the To tab add the Internal Domain Name and the web site IP address.

5. Edit the ISA server's HOSTS file (C:\WINDOWS\system32\drivers\etc\hosts). Add a line at the bottom with the internal IP address of the IIS web server and the host name of the publicly registered domain name. (This is the public domain name that the ISA publishing rule uses.) – You may need to repair the network connection, or restart the server.

Wednesday, February 27, 2008

Ubuntu – Linux installation

Installing Ubuntu 7.10 on a Toshiba Portege A100 laptop

Installation seized / locked up:
Selected F6 from the boot menu
Then added:
noapic nolapic
Then pressed enter to continue installation.
https://help.ubuntu.com/community/BootOptions

VMWare Tools
https://help.ubuntu.com/community/VMware/Tools

Sunday, February 17, 2008

Windows PE 2.0 and a USB flash drive

Windows PE is a version of the Windows OS that runs without installation, entirely in memory (no hard disk required), and boots from a CD-ROM or the network.

Getting started
Download and install the Windows Automated Installation Kit (WAIK). It's a big download. Burn it to a CD or mount it using an ISO/IMG mounting tool, then install it.

The Windows PE Tools Command Prompt
Open up the Windows PE Tools Command Prompt from the Start Menu and make sure to Run as Administrator. (Run as Administrator is only required on Windows Vista and Windows Server 2008.)

Alternatively, you can change the shortcut's properties (Advanced..., Run as Administrator) so it runs elevated every time.


Building your Windows PE
In order to build your custom Windows PE, follow the next steps:

  1. Run copype.cmd as follows: copype.cmd x86 d:\winpe_x86
    This makes a copy of the Windows PE files to the specified folder. Alternatively, you can specify amd64 for 64-bit machines.
  2. You can customize the Windows PE image (which uses the Windows Imaging Format, WIM) using ImageX. You can mount a WIM file to a folder using the following command:
    imagex /mountrw d:\winpe_x86\winpe.wim 1 d:\winpe_x86\mount
    This works through a file system driver called WimFltr (see sc queryex WimFltr).
  3. Add any applications you want in the image to the mounted folder. Windows PE is built from packages that can be added to the image at will. This is done through peimg, using: peimg /list /image=d:\winpe_x86\mount\Windows
    to show the list of available packages.
    Next, you can add packages by using the command:
    peimg /install=package d:\winpe_x86\mount\Windows
    where package is either * (all packages) or one from the list shown by invoking peimg with the /list switch.
    The packages are:
    WinPE-HTA-Package = HTML Application support
    WinPE-MDAC-Package = Microsoft Data Access Component support
    WinPE-Scripting-Package = Scripting (VBS, WSH) Support
    WinPE-WMI-Package = Windows Management Instrumentation Support
    WinPE-XML-Package = Microsoft XML (MSXML) parser support
  4. To copy various deployment tools into the Windows PE image, type:
    xcopy "C:\Program files\Windows AIK\Tools\x86\*.*" "D:\WinPE_x86\Mount\Program Files\Tools" /s
    and then press ENTER.
    When prompted about a file or directory name, type D.

    For other tools, type XCopy "C:\Tools\*.*" "D:\WinPE_x86\Mount\Tools" /s, and then press ENTER. When prompted about a file or directory name, type D.

    You could add drivers and language packs as well, please see the notes lower in this blog or the help documentation that comes with the WAIK.
  5. When you're done with the image customization, run peimg with the prep switch: peimg /prep d:\winpe_x86\mount\Windows
    and unmount the image using ImageX:
    imagex /unmount d:\winpe_x86\mount /commit
    and copy the created .wim file to the ISO folder:
    copy d:\winpe_x86\winpe.wim d:\winpe_x86\ISO\sources\boot.wim
    Answer Y to agree to the file being overwritten.

Create a bootable Windows PE ISO Image

You can create an ISO file for the image using oscdimg:

oscdimg -n -bd:\winpe_x86\etfsboot.com d:\winpe_x86\ISO d:\winpe_x86\winpe_x86.iso

where the -b flag specifies the El Torito boot sector for the ISO to be created. It just takes a few seconds to complete.
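Steps 1 to 5 and the oscdimg step above, scripted as a batch file for the Windows PE Tools Command Prompt. This is an added example, not from the original post; it assumes the default WAIK tools path shown in step 4 and the d:\winpe_x86 work folder used above, and installs only the scripting and WMI packages (edit the list to suit).

```batch
@echo off
setlocal
rem Added example: automates steps 1-5 and the oscdimg step from the
rem Windows PE Tools Command Prompt. Paths are the ones used in the guide.
set ARCH=x86
set WORK=d:\winpe_x86
set MOUNT=%WORK%\mount
set AIKTOOLS=C:\Program Files\Windows AIK\Tools

rem Step 1: copy the base Windows PE files. copype.cmd is itself a batch
rem file whose errorlevel is not reliable, so check for winpe.wim instead.
call copype.cmd %ARCH% %WORK%
if not exist "%WORK%\winpe.wim" (echo copype failed & goto :fail)

rem Step 2: mount image index 1 of winpe.wim read/write (via WimFltr).
imagex /mountrw "%WORK%\winpe.wim" 1 "%MOUNT%"
if errorlevel 1 (echo mount failed & goto :fail)

rem Step 3: install only the packages this image needs; "*" bloats the image.
for %%P in (WinPE-Scripting-Package WinPE-WMI-Package) do (
    peimg /install=%%P "%MOUNT%\Windows"
    if errorlevel 1 (echo package %%P failed & goto :unmount)
)

rem Step 4: copy the deployment tools into the image. /i creates the target
rem directory, which answers the file-or-directory prompt; /y answers overwrites.
xcopy "%AIKTOOLS%\%ARCH%\*.*" "%MOUNT%\Program Files\Tools" /s /i /y
if errorlevel 1 (echo xcopy failed & goto :unmount)

rem Step 5: prepare the image (peimg /prep may ask for confirmation; answer Y),
rem commit and unmount, then stage it as boot.wim for the ISO folder.
peimg /prep "%MOUNT%\Windows"
imagex /unmount "%MOUNT%" /commit
if errorlevel 1 (echo commit failed & goto :fail)
copy /y "%WORK%\winpe.wim" "%WORK%\ISO\sources\boot.wim" >nul

rem ISO step: -b names the El Torito boot sector, -n allows long file names.
oscdimg -n -b%WORK%\etfsboot.com "%WORK%\ISO" "%WORK%\winpe_x86.iso"
if errorlevel 1 goto :fail
echo Done: %WORK%\winpe_x86.iso
exit /b 0

:unmount
rem Discard the half-built image so the next run starts from a clean mount.
imagex /unmount "%MOUNT%"
:fail
echo Build failed.
exit /b 1
```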

Create a Bootable Windows PE USB Flash disk

Finally, it's time to put the whole thing on a USB Flash key or to burn the ISO created in the previous step to a cd-rom. Open up diskpart and execute the following commands.

WARNING! Make sure to select the right disk in step 1; you can view all disks using the "list disk" command. In the steps below, all data from the USB Flash disk will be removed!

This is done from a computer running Windows Vista; the Windows Server 2003 version of diskpart does not display flash memory drives.


1. select disk 1
2. clean
3. create partition primary
4. select partition 1
5. active
6. format fs=fat32
7. assign
8. exit

Now copy the d:\winpe_x86\ISO folder contents to the USB disk (which I assume has letter E: assigned)

xcopy d:\winpe_x86\ISO\*.* E: /e /h

Now you should be able to boot from the USB Flash disk. Make sure to select the right boot device during the boot cycle or to change the boot order in your computer's BIOS.
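The diskpart and xcopy steps above as a batch script (an added example, not from the original post). It takes the disk number and drive letter as arguments, shows list disk when run without them, and asks for confirmation before wiping the disk; the d:\winpe_x86 path is the guide's.

```batch
@echo off
setlocal
rem Added example: prepares the USB key with a diskpart script file instead
rem of typing the eight commands interactively.
rem Usage: make_usb.cmd <disk-number> <drive-letter>   e.g. make_usb.cmd 1 E
set WORK=d:\winpe_x86
if "%~2"=="" (
    echo Usage: %~nx0 ^<disk-number^> ^<drive-letter^>
    echo Disks visible to diskpart on this machine:
    echo list disk | diskpart
    exit /b 1
)
set DISKNUM=%~1
set USB=%~2

rem Write the guide's steps 1-8 to a script. "quick" skips the full format and
rem "assign letter=" makes the drive letter predictable for the xcopy below.
set SCRIPT=%TEMP%\winpe_usb.txt
> "%SCRIPT%" (
    echo select disk %DISKNUM%
    echo clean
    echo create partition primary
    echo select partition 1
    echo active
    echo format fs=fat32 quick
    echo assign letter=%USB%
    echo exit
)

rem Last chance: "clean" destroys everything on the selected disk.
echo About to ERASE disk %DISKNUM% and assign it drive letter %USB%:
set /p CONFIRM=Type YES to continue: 
if /i not "%CONFIRM%"=="YES" (echo Aborted. & exit /b 1)

diskpart /s "%SCRIPT%"
if errorlevel 1 (echo diskpart failed & exit /b 1)

rem Copy the ISO folder (boot files and sources\boot.wim) onto the key.
xcopy "%WORK%\ISO\*.*" %USB%:\ /e /h
if errorlevel 1 (echo xcopy failed & exit /b 1)
echo Done: boot from disk %DISKNUM% to start Windows PE.
```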

NOTES:

  • Shutting down Windows PE - use wpeutil shutdown.
  • Adding a driver
    drvload.exe x:\lan\atl01_xp.inf
    Online - the drvload.exe command loads the driver after Windows PE has started. Ideal for rarely used drivers.

    peimg /inf=c:\lan\atl01_xp.inf D:\WinPE_x86\Windows
    Offline - the peimg /inf command adds a driver to the image. Suitable for frequently used devices, e.g. a network card. Specifying only the path to the folder is not sufficient; you have to enter the full name of the driver file (if you do not, the error 0x80070002 will appear).
  • Change the language and location settings.
    The standard image has the QWERTY keyboard layout. Go back to step 2 to mount and do the following on the mounted image using intlcfg:
    intlcfg -inputlocale: -image:d:\winpe_x86\mount
    intlcfg -syslocale: -image:d:\winpe_x86\mount
    intlcfg -userlocale: -image:d:\winpe_x86\mount
    where the value after each colon is the locale you want (e.g. nl-be for a Belgian Period keyboard).

Links: