IT Resource

For those on a shared hosting web server, myIPneighbors is a great way to find out who your neighbors are or just see how many other websites your hosting company hosts on the same server.

With myIPneighbors, you will be able to see whether or not your website is packed onto a crowded server with hundreds of other sites.  You may also be able to tell if there is questionable content being hosted side by side with your site.

If you want to try it our, visit http://www.myIPneighbors.com

The code below will display a hyperlinked list of all the files contained in a specified folder. This is a very simple way to have your own directory browser. Simply copy the code below into a new notepad document and save it as browser.php. Now upload the file to somewhere on your web server and browse to it. You should see an index of all files in the directory of your webserver.

<?php
$path = “/home/username/public_html/folder/”;

$dir_handle = @opendir($path) or die(“Unable to open $path”);

while ($file = readdir($dir_handle)) {
if($file == “.” || $file == “..” || $file == “index.php” )
continue;
echo “<a href=\”$file\”>$file</a><br />”;
}

closedir($dir_handle);

?>

And there you have it! A very simple way of creating a directory browser.

For whatever reason, there may come a time when you want or need to block an IP Address or domain name from accessing your website. There are a number of ways to do this and I will demonstrate these below.

You need to start off by creating a .htaccess file and placing it in the directory for which you want it to take affect on. For example, if you block access to example.com, you would place the .htaccess file in the root/home directory of your website. If you wanted to block access to example.com/myfiles, you would place the .htaccess file in the myfiles directory.

Once you have worked out what part of your website you want to block access to, you will need to add the following to the .htaccess file:

order allow,deny
deny from 203.101.101.101
allow from all

This will refuse all requests made by the IP address 203.101.101.101. An error message similar to the following will be shown instead.

Ok, so now lets say you wanted to block multiple IP Addresses from accessing your site. You simply list the IP Addresses one per line:

order allow,deny
deny from 203.101.101.101
deny from 203.101.101.102
deny from 203.101.101.103
allow from all

You also have the ability to block an entire IP Address range. You can do this by not specifying the last octet in the IP Address:

deny from 203.101.101

This will restrict access to anyone who falls in the 203.101.101 to 203.101.101.255 address range.

Instead of using IP Addresses to restrict access, you can also use domain names as well:

deny from example.com

You should be careful when using the .htaccess file to block an entire IP Address range or domain name as it’s likely to block access to genuine users. Where possible, and unless you have a specific need to block an entire range or domain name, you would be in most cases better off specifying individual IP Addresses or domain names.

Passwords are apart of our everyday life in today’s digital world. No matter where you go or what you are doing, you will be asked for a password to access something at least once a day. Whether it be to access your work or home computer, your email accounts (Hotmail, GMail), eBay, Paypal, online banking, online shopping, and generally anything else where your personal information is stored.

All to often you hear about people who have had their digital identities stolen. It is bound to happen to you at least once throughout your life. You probably wont even realise it until it is to late. One day you will go to check your bank account balance online and find that the $1000 you have been saving for the past 12 months is gone, or maybe a new personal loan has been taken out in your name. This kind of thing is certainly not unheard of or uncommon.

Even if you choose a long password, 50 characters for instance, that password is useless if all it contains is basic words that can be found in the average dictionary. There are programs out there that can very easily break these passwords either by brute force or dictionary attacks.

With that in mind, passwords with strong complexity requirements should be used whenever possible.

What Not To Use

• You should never use your real name, a username or a word that can be easily associated with you, such as the name of your children, birth date, pet, spouse and so on. These are generally the first things criminals will try.
• Don’t use a word that exists in the dictionary. There are sophisticated tools out there that can rapidly guess passwords that are based on words in dictionaries, including common misspellings, words spelled backwards, and substitutions. This also includes all sorts of profanity.
• Don’t use the same password on multiple systems. If any one of those systems (online forums, email accounts, etc) using this password is compromised, all of your other information protected by that password should also be considered compromised. It is critical to use different passwords for different systems.
• Don’t use an alphabetic or numeric series of characters. Exmaple: ABCDE, EDCBA, 12345, 54321.
• Don’t use a string of identical letters or numbers. Exmaple: AAAAAA, BBBBBB, 111111, 222222.
• Don’t store you passwords anywhere online!

Creating a Strong Password

• The most secure passwords are at least 14 or more characters long (8 or more characters at an absolute minimum). The more characters you add, the more secure your password.
• These passwords should contain a variety of upper and lower case letters as well as numbers.
• They should also include symbols such as: $ % @ # * & > < ! +
• Many systems also support the use of a space (space bar). Take advantage of this where possible.

Creating a strong password is a relatively simple exercise however, far to many people refuse to do it and continue using simple passwords, not to mention the same password, and for one reason… it’s easy to remember! This should never be used as an excuse for protecting sensitive information. It’s just not worth the risk.

Password Examples

Bad Passwords:

• admin12345
• abcABC123
• password1

Good Passwords:

• MyeB4yAcc0untP@$$w0rd – My eBay Account Password
• MyC0mput3rP@$$w0rd! – My Computer Password!
• Ih4t3myP3tF3rr3t! – I hate my Pet Ferret!

Protecting Your Password

Treat your passwords with as much care as the information that they protect. For example, don’t go sticking the password to your online banking to the front of your computer monitor. This to be quite honest would be down right stupid!

• Use a different password on each account/system that contains information that you want to protect.
• If someone sends you an email asking you to enter in your username and password because the system is being updated (or something along those lines), DON’T DO IT! DELETE THE EMAIL! No bank, financial institution or any other company for that matter will/should ever ask you to submit a password to them via email. Even over the phone don’t do it. They can confirm who you are using various other methods like your date of birth, drivers license number, telephone number or even your address, but don’t give them your password. They do not need it. If they persist, hang up and call them yourself and explain the situation. Even better, go into the bank and personally speak to a consultant. The password is the key! No one but you needs to know this password. Who cares if someone knows when you were born though!
• You should change your passwords regularly. This will keep criminals guessing and if they do actually manage to crack your password, it’s to late, you have changed it already, and they are back to square one. The strength of your password will help keep it valid for a longer. A password that is shorter than 8 characters should be considered only good for a month or two at the most. A password that is 14 characters or longer (and follows the rules outlined above) can be good for several years.
• If you ‘really’ have to write your passwords down, keep them somewhere safe and preferably not all together. If you have a library of books available to you, pick a big book and open it up at a random page. Using pencil, lightly write your password in there and just remember the page number. Don’t write your passwords on sticky notes and place them underneath your keyboard or on your computer monitor.
• Don’t reveal your passwords to others. Keep your passwords hidden from friends or family members (especially children) who could pass them on to other less trustworthy individuals. Passwords that you need to share with others, such as the password to your online banking account that you might share with your spouse, are the only exceptions.

I hope you find this article useful. If you are one of those people who currently use simple passwords, maybe it’s about time you put into practice some of things mentioned above. It’s better to have to much security then not enough.

You may or may not know this, but as you install more programs and applications on your computer, some of them automatically place themselves into your computers startup process. MSCONFIG can help you remove these unwanted programs from the startup process and in turn, your computer should start up quicker and generally run alot better as you wont be loading up programs that you don’t really need.

The first thing you need to do is click on the Start button and then click on Run…. Type in MSCONFIG and press Enter (or click OK).

This will bring up another window called the System Configuration Utility, like the one pictured below. Go to the tab on the far right hand side called Startup and click on it.

This will bring up a list of all the programs and applications your computer loads when it starts up. Go through the list and un-tick the ones you don’t want to load with windows. Be careful which ones you un-tick though. Some of them may be required for your computer to run in a stable condition. If you are unsure about any of them, post it below and we will attempt to help you out. Once you have done that, click on Apply and then OK down the bottom. A window will pop up asking you to Restart or Exit Without Restart.

It is generally a good idea to Restart your computer and load the changes straight away. Once your computer has been restarted, you will be presented with a message window like the one below. At the bottom of this window it states Don’t show this message or launch the System Configuration Utility when Windows start – tick the box next to this message and click OK.

With any luck, this will hopefully shorten the time it takes for your computer to boot up into Windows and in general, run faster.

It can get extremely frustrating when trying to send a file via email only to find that it’s too big.  Maybe it’s a video, music, or even some images.  I’ve come across this problem myself many times before and in the end, you have no choice but to copy your files to CD/DVD or even a USB flash drive and send it off via post, which usually takes a day or two, even when using the priority/express service.

What if you wanted someone to receive your files within hours, even minutes (depending on the file size) with very little effort at all?  What if I told you that it’s possible and totally free as well?

There are two really good web based file storage and delivery services which I’ve used for quite some time now and never had an issue with either one. Best of all, they are fast, free and very simple to use.

- DropSend
Quick and easy sign up; takes about 15 seconds and you are good to go.  Very simple interface to navigate around.  You can store up to 250MB of files and send up to 5 files per month, absolutely free!  Paid plans are also available from $5 per month.

- YouSendIt
Also a quick and easy sign up process; takes about 2 minutes.  Also includes a simple interface to navigate.  You can send files up to 100MB and have 1000MB of bandwidth allocated to your account each month.

Both of these tools come with plugins and add-ons which will allow you to send files directly from your desktop, without having to log into the website each time, making life even easier.

This smartphone will include a 3-inch WVGA (800 by 480 pixel) touchscreen that can slide aside to reveal a QWERTY keyboard. Other navigation options will be a four-way key and an optical joystick.

The X1 will be a quad-band GSM phone with support for the 3G frequencies used around the world. It will also have Wi-Fi and Bluetooth.

This Windows Mobile Professional device will include up to 400 MB of internal storage, and a Memory Stick Micro card slot for additional storage.

In addition, this model will include aGPS, a 3.2 megapixel camera, and an FM receiver.

It will be 4.3 inches wide, 2.1 inches tall, and 0.66 inches thick (110 mm x 53 mm x 16.7 mm). It will weigh 5.1 oz. (145 g).

Sony Ericsson says the XPERIA X1 will debut in the U.S. in the second half of 2008. The company is not yet willing to say what this model will cost.

Availability is not yet known for the Australian market.

This article describes how to configure Windows XP to automate the logon process. This feature permits other users to start your computer and to use the account that you establish to automatically log on.

Note: If you turn on autologon, using Windows XP becomes more convenient however, using this feature can pose a security risk.

1. Click Start, and then click Run.

2. In the box, type in control userpasswords2, and then click OK.

3. Clear the Users must enter a user name and password to use this computer check box, and then click Apply.

4. In the Automatically Log On window, type the password in the Password box, and then retype the password in the Confirm Password box.

5. Click OK to close the Automatically Log On window, and then click OK to close the User Accounts window.

Each version of Exchange Server includes a build number so that you can easily identify which version of the software you are running.

Open the Exchange System Manager, expand Servers, right-click your server, click Properties, select the General tab (if it isn’t already selected) and you should see something similar to this:

Exchange 2000

4417.5 – Exchange 2000 RTM
4629.1 – SBS 2000 Exchange 2000
4712.7 – Exchange 2000 SP1
5762.4 – Exchange 2000 SP2
6249.4 – Exchange 2000 SP3

Exchange 2003

6944.4 – Exchange 2003 RTM (including SBS2003)
7226.6 – Exchange 2003 SP1
7638.2 – Exchange 2003 SP2

This guide will run you through the steps required to transfer the Flexible Single Master Operations (FSMO) roles (also known as operations master roles) by using the Active Directory snap-in tools in Microsoft Management Console (MMC) in Windows Server 2003.

FSMO Roles

In a forest, there are at least five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:

• Schema Master: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.
• Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest.
• Infrastructure Master: The infrastructure is responsible for updating references from objects in its domain to objects in other domains. At any one
  time, there can be only one domain controller acting as the infrastructure master in each domain.
• Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. At any one time, there can be only one domain controller acting as the RID master in the domain.
• PDC Emulator: The PDC emulator is a domain controller that advertises itself as the primary domain controller (PDC) to workstations, member servers, and domain controllers that are running earlier versions of Windows. For example, if the domain contains computers that are not running Microsoft Windows XP Professional or Microsoft Windows 2000 client software, or if it contains Microsoft Windows NT backup domain controllers, the PDC emulator master acts as a Windows NT PDC. It is also the Domain Master Browser, and it handles password discrepancies. At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.

You can transfer FSMO roles by using the Ntdsutil.exe command-line utility or by using an MMC snap-in tool. Depending on the FSMO role that you want to transfer, you can use one of the following three MMC snap-in tools:

• Active Directory Schema snap-in
• Active Directory Domains and Trusts snap-in
• Active Directory Users and Computers snap-in

If a computer no longer exists, the role must be seized. To seize a role, use the Ntdsutil.exe utility.

Transfer the Schema Master Role

Use the Active Directory Schema Master snap-in to transfer the schema master role. Before you can use this snap-in, you must register the Schmmgmt.dll file.

Register schmmgmt.dll

1. Click Start, and then click Run.
2. Type regsvr32 schmmgmt.dll in the Open box, and then click OK.
3. Click OK when you receive the message that the operation succeeded.

Transfer the Schema Master Role

1. Click Start, click Run, type mmc in the Open box, and then click OK.
2. On the File, menu click Add/Remove Snap-in.
3. Click Add.
4. Click Active Directory Schema, click Add, click Close, and then click OK.
5. In the console tree, right-click Active Directory Schema, and then click Change Domain Controller.
6. Click Specify Name, type the name of the domain controller that will be the new role holder, and then click OK.
7. In the console tree, right-click Active Directory Schema, and then click Operations Master.
8. Click Change.
9. Click OK to confirm that you want to transfer the role, and then click Close.

Transfer the Domain Naming Master Role

1. Click Start, point to Administrative Tools, and then click Active Directory Domains and Trusts.
2. Right-click Active Directory Domains and Trusts, and then click Connect to Domain Controller.

Note: You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.

3. Do one of the following:

In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.

- or -

In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.

4. In the console tree, right-click Active Directory Domains and Trusts, and then click Operations Master.
5. Click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.

Transfer the RID Master, PDC Emulator, and Infrastructure Master Roles

1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click Active Directory Users and Computers, and then click Connect to Domain Controller.

Note: You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.

3. Do one of the following:

In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.

- or -

In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.

4. In the console tree, right-click Active Directory Users and Computers, point to All Tasks, and then click Operations Master.
5. Click the appropriate tab for the role that you want to transfer (RID, PDC, or Infrastructure), and then click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.

And there you have it. How to view and transfer FSMO roles in Windows Server 2003.

There is one thing that is missing from the Windows Vista Start menu which has existed on every other version of Windows – the Run dialog.

Before you go trying to add it back into the Start menu, you should know that there are a couple of ways to Run commands which don’t require you to have the Run dialog on the Start menu.

1. Press the Windows Key + R on your keyboard and the Run dialog box will appear.
2. Simple press the Windows Key (or click the Start button) and start typing your command.

Yes, the field that says Start Search in it can also be used to run commands.
Still want your Run dialog to appear on the Start menu? Ok, here is how to do it.

Right-click on the Start button, select Properties, and then click the Customise button. You’ll be taken to the Customise Start Menu screen.

Find and check the “Run command” checkbox in the list and then click OK to exit. It should now appear on your Start menu:

Note the addition of the Run… button.

The Open System Interconnection (OSI) reference model describes how information from a software application in one computer moves through a network medium to a software application in another computer. The OSI reference model is a conceptual model composed of seven layers, each specifying particular network functions.

The model was developed by the International Organization for Standardization (ISO) in 1984, and it is now considered the primary architectural model for intercomputer communications. The OSI model divides the tasks involved with moving information between networked computers into seven smaller, more manageable task groups. A task or group of tasks is then assigned to each of the seven OSI layers. Each layer is reasonably self-contained so that the tasks assigned to each layer can be implemented independently. This enables the solutions offered by one layer to be updated without adversely affecting the other layers.

The seven layers of the OSI model are:

• Layer 7 – Application
• Layer 6 – Presentation
• Layer 5 – Session
• Layer 4 – Transport
• Layer 3 – Network
• Layer 2 – Data link
• Layer 1 – Physical

Layer 7 – Application Layer
This is the layer that interacts with the operating system and/or application whenever the user chooses to transfer files, e-mail, create terminal sessions or other network software services or related activities. Telnet and FTP are applications that exist entirely in the application level.

Layer 6 – Presentation Layer
Layer 6 takes the data provided by the Application layer and converts it into a standard format that the other layers can understand. Protocols at the presentation layer are part of the operating system and application the user runs on a workstation. Information is formatted for display or printing in this layer. Codes within the data, such as tabs or special graphics sequences, are interpreted. This layer also encrypts data to be sent across a network, as well as providing translation of other character sets.

Layer 5 – Session Layer
The session layer establishes, manages, and terminates communication sessions. Communication sessions consist of service requests and service responses that occur between applications located in different network devices. These requests and responses are coordinated by protocols implemented at the session layer. Some examples of session-layer implementations include Zone Information Protocol (ZIP), the AppleTalk protocol that coordinates the name binding process; and Session Control Protocol (SCP), the DECnet Phase IV session layer protocol.

Layer 4 – Transport Layer
The transport layer provides a high level of control for moving information between systems, including more sophisticated error handling, prioritization, and security features. The transport layer provides quality service and accurate delivery by providing connection oriented services between two end systems. It controls the sequence of packets, regulates traffic flow, and recognizes duplicate packets. The transport layer assigns packetized information a traffic number that is checked at the destination. If data is missing from the packet, the transport layer protocol at the receiving end arranges with the transport layer of the sending system to have packets re-transmitted. This layer ensures that all data is received and in the proper order.

Layer 3 – Network Layer
The network layer defines the network address, which differs from the MAC address. Some network layer implementations, such as the Internet Protocol (IP), define network addresses in a way that route selection can be determined systematically by comparing the source network address with the destination network address and applying the subnet mask. Because this layer defines the logical network layout, routers can use this layer to determine how to forward packets. Because of this, much of the design and configuration work for internetworks happens at Layer 3, the network layer.

Layer 2 – Data-Link Layer
The data link layer defines the rules for sending and receiving information across the physical connection between two systems. This layer encodes and frames data for transmission, in addition to providing error detection and control. Because the data link layer can provide error control, higher layers may not need to handle such services. However, when reliable media is used, there is a performance advantage by not handling error control in this layer, but in higher layers. Bridges operate at this layer in the protocol stack.

Layer 1 – Physical Layer
Physical layer specifications define characteristics such as voltage levels, timing of voltage changes, physical data rates, maximum transmission distances, and physical connectors for activating, maintaining, and deactivating the physical link between communicating network systems. Well-know physical layer interfaces for local area networks (LANs) include Ethernet, Token-Ring, and Fiber Distributed Data Interface (FDDI).

You can use the Remote Desktop feature in Microsoft Windows XP and Windows 2003 to connect to a remote computer.  The default port Remote Desktop listens on is 3389.

Note: The Remote Assistance feature in Microsoft Windows XP may not work correctly if you change the listening port.

To change the port that Remote Desktop listens on, follow these steps:

1. Start the Registry Editor by click on the Start button, selecting Run, type in regedit, and then press Enter.
2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\TerminalServer\WinStations\RDP-Tcp\PortNumber

3. On the Edit menu, click Modify, and then click Decimal.

4. Type the new port number, and then click OK.

5. Quit Registry Editor.

To connect to the computer you changed the listening port on, you must specify the port number in the Remote Desktop Connection dialogue box. For example, instead of just typing the computer name, you need to add Portnumber to the end (where portnumber is the listening port).

Default – No port specified – connecting to the default port of 3389.

Adding the listening port number to the computer name.

While browsing the internet, there are many status messages you may come across. Anyone who has been browsing the internet for longer then 10 minutes is bound to come across one, or even two!

Here is an example of what a 404 status messages looks like:

In Firefox

In Internet Explorer 7

Most status messages will look very similar but provide different information depending on the status/error.

Below is a list along with a brief description of what they all mean.

1xx: Information

100 Continue – Only a part of the request has been received by the server, but as long as it has not been rejected, the client should continue with the request
101 Switching Protocols – The server switches protocol

2xx: Successful

200 OK – The request is OK
201 Created – The request is complete, and a new resource is created.
202 Accepted – The request is accepted for processing, but the processing is not complete.
203 Non-authoritative Information – Request probably completed successfully but can’t tell from original server.
204 No Content – The requested completed successfully but the resource requested is empty (has zero length).
205 Reset Content – The requested completed successfully but the client should clear down any cached information as it may now be invalid.
206 Partial Content – The request was cancelled before it could be fulfilled. Typically the user gave up waiting for data and went to another page. Some download accelerator programs produce this error as they submit multiple requests to download a file at the same time.

3xx: Redirection

300 Multiple Choices – A link list. The user can select a link and go to that location. Maximum five addresses.
301 Moved Permanently – The requested page has moved to a new url.
302 Found – The requested page has moved temporarily to a new url.
303 See Other – The requested page can be found under a different url.
304 Not Modified – The server has identified from the request information that the client’s copy of the information is up-to-date and the requested information does not need to be sent again.
305 Use Proxy – The request must be sent through the indicated proxy server.
306 Unused – This code was used in a previous version. It is no longer used, but the code is reserved.
307 Temporary Redirect – The requested page has moved temporarily to a new url.

4xx: Client Error

400 Bad Request – The server did not understand the request.
401 Unauthorised – The requested page needs a username and a password.
402 Payment Required – You can not use this code yet.
403 Forbidden – Access is forbidden to the requested page.
404 Not Found – The server can not find the requested page.
405 Method Not Allowed – The method specified in the request is not allowed.
406 Not Acceptable – The server can only generate a response that is not accepted by the client.
407 Proxy Authentication Required – You must authenticate with a proxy server before this request can be served.
408 Request Timeout – The request took longer than the server was prepared to wait.
409 Conflict – The request could not be completed because of a conflict.
410 Gone – The requested page is no longer available.
411 Length Required – The “Content-Length” is not defined. The server will not accept the request without it.
412 Precondition Failed – The precondition given in the request evaluated to false by the server.
413 Request Entity Too Large – The server will not accept the request, because the request entity is too large.
414 Request-url Too Long – The server will not accept the request, because the url is too long. Occurs when you convert a “post” request to a “get” request with a long query information.
415 Unsupported Media Type – The server will not accept the request, because the media type is not supported.
416 Requested Range Not Satisfiable – The portion of the resource requested is not available or out of range.
417 Expectation Failed – The Expect specifier in the HTTP request header can not be met.

5xx: Server Error

500 Internal Server Error – The request was not completed. The server met an unexpected condition.
501 Not Implemented – The request was not completed. The server did not support the functionality required.
502 Bad Gateway – The request was not completed. The server received an invalid response from the upstream server.
503 Service Unavailable – The request was not completed. The server is temporarily overloading or down.
504 Gateway Timeout – The gateway has timed out.
505 HTTP Version Not Supported – The server does not support the “http protocol” version.

Along with the new Windows Firewall in Windows Server 2003 SP1 and Windows XP SP2, Microsoft provided an updated system.adm administrative template file that adds Group Policy settings that you can use to configure firewall behavior at a local machine policy level or by using an Active Directory-based Group Policy Object (GPO). To access the Windows Firewall Group Policy settings, open either a local machine policy (run gpedit.msc on a workstation) or a GPO stored in a domain. Expand Computer Configuration, Administrative Templates, Network, Network Connections, and Windows Firewall.

You can configure firewall settings under both the Domain Profile and Standard Profile subfolders. You use the domain profile when the computer is connected to the Active Directory network and the standard profile when the machine isn’t connected to the corporate network. This setup lets you configure different settings for networked machines and remote machines, as this figure shows.

Click to enlarge

The options under each of the two branches are identical, and you can click an item to view its description. Here are some key settings you may want to enable:

1. Windows Firewall: Protect all network connections. This setting essentially forces the firewall on or off for the profile.
2. Windows Firewall: Do not allow exceptions. This option instructs the firewall to ignore any exceptions that have been defined. Enabling this setting is equivalent to selecting the “Don’t allow exceptions” check box on the General tab of Windows Firewall in Control Panel.
3. Windows Firewall: Define program exceptions Properties. This setting lets you define custom programs, to which you can then grant exceptions to pass through the firewall.
4. Windows Firewall: Prohibit notifications. This setting stops the firewall from prompting users whether they want to allow exceptions for a currently stopped program.
5. Windows Firewall: Allow logging. This option lets you configure the logging level for the firewall, the log size, and its name and location.

For more information about Windows Firewall policy settings, see Windows Firewall Technical Reference in the Network Security Technologies section of the Networking Collection on the Microsoft Windows Server 2003 TechCenter site on TechNet.