Schlagwort-Archive: en

[EN] Howto open SAP Security Configuration

Your Problem is, that your PDF! Function does not more working during you accidently clicked on No instead of Yes on the Security Warning?

 

  • You get the Warning from the SAP GUI Security  Dialogproblem1

 

 

 

 

 

 

  • The System is trying to create the File
    • PATH\Appdata\Local\Temp\<randomfilename>.pdf in the directory \local\temp
    • Do you want to grant the permission to modifiy
      the parent directory and all its subdirectories?
  • You may click on Remember my Decision
  • For now, if you Deny – you will have to follow this guide to fix it else you wont be able to use PDF!-Function

 

If you did Allow, then your fine else see below:

In the Menu menu_onlyIs a Button, this button at the end of the toolbar is menu button

If you click on it it will
open up a Menu which we will Choose options

 

menu_option

Navigate to Secury, Security Settungs and
menu_inside

Click on Open Security Settings
menu_inside2

After this, the Security Configuration Window will be open and here you will able to fix your mistake

securiy-configuration

 

 

 

Referenz: SAP GUI for Windows Security Guide

[EN] Install Promox on Debian 7 Wheezy 64bit

ref: https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_Wheezy

You may want to create your own Virtual Infrastructure

I Prefer to use NANO instead of VI/VIM and also i usally use direct root rights instead of sudo command

1) Check & Modifiy your Host-File

# sudo nano /etc/hosts
You may have to check, that you have 127.0.0.1 added to your hosts-file
You may also have to check that your Server-IP (1.2.3.4) will replaced by the real IP and the real hostname

127.0.0.1 localhost.localdomain localhost
1.2.3.4 myservername-short myservername.mydomain.tld

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

 

2) Check & Modify your apt source.list

# sudo nano /etc/apt/source.list
Copy and Paste

deb http://ftp.at.debian.org/debian wheezy main contrib
# PVE repository provided by proxmox.com, only for installation (this repo will stay on 3.1)
deb http://download.proxmox.com/debian wheezy pve
# security updates
deb http://security.debian.org/ wheezy/updates main contrib

2.1) Add a key to apt-key

wget -O- „http://download.proxmox.com/debian/key.asc“ | apt-key add –

[EN] Howto Reset the forgotten password on windows xp

You seem to have one Problem:

You forgotten the Password of Your Account? or the Administrator?

With the Ultimate-Boot CD you’r able to unlock your Account again.

 

[EN] Tunnel traffic from VPN through Server to enable Internet Access and use Squid as Transparent Proxy

You want to create OpenVPN or PPTD-VPN enabled server with your VPN or Dedicated Server?
It’s not so hard to do it, heres the manual way (may be improved later to do it in an automatic way)

  1. Install pptpd-vpn as shown HERE
    • # apt-get install squidguard squid3 pptpd-vpn  openvpn
      • or OpenVPN as shown HEREI prefere pptpd-vpn as it’s really easy to setup!
  • Try to connect, but at the moment you wont be able to use the Internet until
    • script on the next Step has been executed (and then reconnect)
    • or you use the Proxy
    • do the next steps:
      # nano /root/vpn_enable_access.sh

#BOF (START)
#TUN+ devices are used by OpenVPN
#TAP+ devices are used by PPP-VPN
# <- are Comments, leave it as is

# IP-Range i.e.: 192.168.1.0 or 10.0.0.0 or whatever
NAT-NETWORK=192.168.1.0

# CIDR Without / (Slash)
# Usally: 192.168.0.0 is /24 with 255.255.255.0
# Usally: 192.168.0.0 is /16 with 255.255.0.0
# Usally: 10.0.0.0 is /16 with 255.255.0.0
NAT-NETMASK=24

#TRANSPARENT-PROXY ROUTING PORT
PROXY-PORT1=7778
PROXY-PORT2=7779
OPVPN-PORT0=1194

#Primary Ethernet Card (Usally, Eth0)
eth-nic=eth0
### NO CHANGE BELOW EXCEPT YOU KNOW WHAT YOU DO ###

# OpenVPN (Firewall Port Opening)
iptables -A INPUT -i $eth-nic -m state –state NEW -p udp –dport $OPVPN-PORT0 -j ACCEPT

# Allow TUN interface connections to OpenVPN server
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
# Allow TUN interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o $eth-nic -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $eth-nic -o tun+ -m state –state RELATED,ESTABLISHED -j ACCEPT

# Allow TAP interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -o $eth-nic -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $eth-nic -o tap+ -m state –state RELATED,ESTABLISHED -j ACCEPT
# NAT the VPN client traffic to the internet
# OpenVPN & PPP-VPN
iptables -t nat -A POSTROUTING -s $NAT-NETWORK/$NAT-NETMASK -o $eth-nic -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A OUTPUT -o tap+ -j ACCEPT

# Pre-Route trough Proxy
# Support for OpenVPN and PPP-VPN
iptables -t nat -A PREROUTING -i ppp+ -p tcp –dport 80 -j REDIRECT –to-ports $PROXY-PORT1
iptables -t nat -A PREROUTING -i tap+ -p tcp –dport 80 -j REDIRECT –to-ports $PROXY-PORT2

echo done.
#EOF (END)

  • # chmod 700 /root/vpn_enable_access.sh
  • # ./root/vpn_enable_access.sh #needs only to be runned on time per reboot.

The Reason why we use ppp+ and tap+ is, that we support more then one connection with this. I Also use 2 different Ports on Squid for having a easier handling, but you can also use the same ports.

 

 

2. Squid-Config:

  • # nano /etc/squid3/squid.conf

#BOF (BEGIN)
#requires SquidGuard
#url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
#url_rewrite_children 5

# TAG: auth_param
# you may beed to use locate pam_auth to find the correct path
# i use physically existing user to aquire logon rights
auth_param basic program /usr/lib/squid3/pam_auth
auth_param basic children 5
auth_param basic realm Protected server Area
auth_param basic credentialsttl 12 hours
auth_param basic casesensitive off
#auth_param digest program /usr/lib/squid3/digest_pw_auth -c /etc/squid3/passwords
#auth_param digest realm proxy

acl checkpw proxy_auth REQUIRED
http_access allow checkpw all

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl Safe_ports port 1-65535 # unregistered ports
acl CONNECT method CONNECT
follow_x_forwarded_for deny all
http_access allow manager localhost localnet
http_access deny manager
http_access deny to_localhost

#change here the ports you need
http_port 6777
http_port 6778 transparent
http_port 6779 transparent
http_port 3128
http_port 3129 transparent

#CACHE SECTION

#RAM
cache_mem 2048 MB
maximum_object_size_in_memory 4096 KB
memory_replacement_policy heap GSDF
#HDD
cache_dir aufs /var/spool/squid3 1000 512 256
store_dir_select_algorithm round-robin
max_open_disk_fds 10000
minimum_object_size 1 KB
maximum_object_size 64000 KB
cache_swap_low 90
cache_swap_high 95
minimum_expiry_time 300 seconds
store_avg_object_size 512 KB
store_objects_per_bucket 80
quick_abort_min 16 KB
quick_abort_max 32 KB
quick_abort_pct 95
read_ahead_gap 32 KB
access_log /var/log/squid3/access.log squid
cache_store_log /var/log/squid3/store.log
logfile_rotate 9
log_ip_on_direct on
pid_filename /var/run/squid3.pid
cache_log /var/log/squid3/cache.log
diskd_program /usr/lib/squid3/diskd
unlinkd_program /usr/lib/squid3/unlinkd
refresh_pattern ^http: 1440 20% 10000
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 600 10% 60000
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600
refresh_pattern . 600 30% 64320
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 43200 refresh-ims
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080 refresh-ims
refresh_pattern -i \.(html|htm|css|js|json)$ 1440 80% 40320 ignore-no-store
positive_dns_ttl 12 hours
negative_dns_ttl 19 seconds

client_lifetime 1 day
cache_mgr root
httpd_suppress_version_string on
visible_hostname server.name.tld

dns_timeout 1 minutes
hosts_file /etc/hosts
dns_v4_first on
ipcache_size 4096
fqdncache_size 4096
memory_pools on

memory_pools_limit 2048 MB
forwarded_for off

cachemgr_passwd 8527045 all
client_db on
# refresh_all_ims off
maximum_single_addr_tries 3
retry_on_error on
as_whois_server whois.ra.net
pipeline_prefetch on

max_filedescriptors 100000

http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all

via off
vary_ignore_expire on

#things that might interest you but dont need for work

#netdb_filename /var/log/squid3/netdb.state
# offline_mode off
# ipcache_low 90
# ipcache_high 95
#

 

 

## Enable only if you want a totaly anonmise your Proxy-Server

## Remind, that it could decraise your Internet-Expirence
# request_header_access Allow allow all
# request_header_access Authorization allow all
# request_header_access WWW-Authenticate allow all
# request_header_access Proxy-Authorization allow all
# request_header_access Proxy-Authenticate allow all
# request_header_access Cache-Control allow all
# request_header_access Content-Encoding allow all
# request_header_access Content-Length allow all
# request_header_access Content-Type allow all
# request_header_access Date allow all
# request_header_access Expires allow all
# request_header_access Host allow all
# request_header_access If-Modified-Since allow all
# request_header_access Last-Modified allow all
# request_header_access Location allow all
# request_header_access Pragma allow all
# request_header_access Accept allow all
# request_header_access Accept-Charset allow all
# request_header_access Accept-Encoding allow all
# request_header_access Accept-Language allow all
# request_header_access Content-Language allow all
# request_header_access Mime-Version allow all
# request_header_access Retry-After allow all
# request_header_access Title allow all
# request_header_access Connection allow all
# request_header_access All deny all

# reply_header_access From deny all
# reply_header_access Referer deny all
# reply_header_access Server deny all
# reply_header_access User-Agent deny all
# reply_header_access WWW-Authenticate deny all
# reply_header_access Link deny all
# reply_header_access Allow allow all
# reply_header_access Authorization allow all
# reply_header_access WWW-Authenticate allow all
# reply_header_access Proxy-Authorization allow all
# reply_header_access Proxy-Authenticate allow all
# reply_header_access Cache-Control allow all
# reply_header_access Content-Encoding allow all
# reply_header_access Content-Length allow all
# reply_header_access Content-Type allow all
# reply_header_access Date allow all
# reply_header_access Expires allow all
# reply_header_access Host allow all
# reply_header_access If-Modified-Since allow all
# reply_header_access Last-Modified allow all
# reply_header_access Location allow all
# reply_header_access Pragma allow all
# reply_header_access Accept allow all
# reply_header_access Accept-Charset allow all
# reply_header_access Accept-Encoding allow all
# reply_header_access Accept-Language allow all
# reply_header_access Content-Language allow all
# reply_header_access Mime-Version allow all
# reply_header_access Retry-After allow all
# reply_header_access Title allow all
# reply_header_access Connection allow all
# reply_header_access All deny all
#
#EOF (END)

 

3. Using the Proxy

On this Setup, i used PAM for Auth, this means that i prefer existing users on the System to auth against the Proxy.

  1. run the following commands after doing the change above
    • # /etc/init.d/squid3 restart
    • # /etc/init.d/pptpd restart
    • # /etc/init.d/openvpn restart
  2. adduser mynewproxyuser
    • in Case you want to create a new one
  3. adduser mynewproxyuser proxy
    • Allow „mynewproxyuser“ to use the proxy
  4. Try to connect to your proxy via your.hostna.me Port: 3128
    • If you can auth Successfully, then you are a lucky guy
      • Check, if you can open any other site, like google.de, heise.de, golem.de
        • OK? GOOD
        • NOK? BAD > Check Logs. And add your question to the Comments
  5. IF you can connect to your Proxie and can use the Internet, fine
  6. IF NOT
    1. Check if the Service is running
      1. ps auxwww | grep squid
      2. check logs
      3. run squid in non deamon mode for testing
        1. # squid3 -N
      4. remember to let squid on the first time of run create the Local Cache
        1. # squid3 -z

If everything got fine, you are now able to use your Server as a Proxy and a VPN-tunnel.

[EN] Howto block an IP-Adress with iptables

You want to block an IP on IPtables? or an IP-Range

 

then its just easier as you think:

 

# sudo nano /usr/local/bin/block-ip

Insert the following Code:

#!/bin/sh
iptables -A INPUT -s $1 -j DROP

# sudo chmod 700 /usr/local/bin/block-ip

And your done.

you can just now use as root
# blockip 194.54.81.164
You’ll block this single IP. I aint tested it with a Subnet yet, like 194.54.81.0/24 – but i think it might work.

Any questions to the comment

[EN] Reduce the size of the Offline Folder file (.ost)

Reducing the size of the Offline Folder file (.ost) file may improve performance if you have deleted a large quantity of items. This procedure does not delete any items that are saved on the server.

  1. Delete any items that you do not want to keep, and then empty the Deleted Items folder.
  2. On the Tools menu, click Account Settings.

    The Account Settings command is missing.

    The Account Settings command is on the Tools menu in Microsoft Office Outlook 2007. If you are using an earlier version of Outlook, the following instructions do not apply. Use the Help that is included with that product. If the title bar of the program that you are using displays Microsoft Outlook Express, you are using a program that is not the same as Outlook. See Help in Outlook Express for assistance.

  3. In the list, select Microsoft Exchange Server, and then click Change.
  4. Click More Settings.
  5. Click the Advanced tab, and then click Offline Folder File Settings.
  6. Click Compact Now.

Note

  • To delete an item from both the online and offline folders, select the item, and then press DELETE.
  • If you are using an Exchange account in Cached Exchange Mode, only the selected folder will be cleared from the local .ost file. The items on the server will be downloaded again to the .ost file on the next synchronization, if the folder is selected under Folder Options in Send/Receive Settings for the Exchange Server e-mail account.
  • When you use Cached Exchange Mode, public folders favorites are not synchronized by default. If you choose to synchronize public folders, the size of your Offline Folder file (.ost) may increase significantly.

 

Original by: Microsoft

[EN] Reduce the size of a Personal Folders file (.pst)

If you delete items from a Personal Folders file (.pst), the file is automatically compacted in the background when you’re not using your computer and Outlook is running. If you want to immediately reduce the size of the file, you can force a compaction. The procedure to compact the data file might take several minutes.

  1. On the File menu, click Data File Management.
  2. Click the data file that you want to compact, and then click Settings.
  3. Click Compact Now.

Note:    You do not have to exit Outlook after you compact a .pst file.

 

Original by: Microsoft

[EN] Manage the size of your mailbox

You can use the Mailbox Cleanup tool, which allows you to view the size of your mailbox and individual folders. You can also archive older items to an archive Personal Folders file (.pst) and empty your Deleted Items folder.

  1. On the Tools menu, click Mailbox Cleanup.
  2. Do any of the following:
    • To view the total size of your mailbox and of individual folders within it, click View Mailbox Size.
    • To locate older items, select Find items older than n days, enter a number between 1 and 999, and then click Find.
    • To locate large items, select Find items larger than n kilobytes, enter a number between 1 and 9999, and then click Find.
    • To move older items in your mailbox to an archive Personal Folders file (.pst), click AutoArchive. The default folder for archive .pst files is c:\Documents and Settings\user name\Local Settings\ Application Data\Microsoft\Outlook.
    • To view the size of your Deleted Items folder, click View Deleted Items Size.
    • To empty your Deleted Items folder, click Empty.
    • To view the size of your Conflicts folder, click View Conflicts Size.
    • To delete the contents of your Conflicts folder, click Delete.

 

Original by: Microsoft

[EN] howto use mount to bind directories

You want to bind i.e /home/username/folder1 to /home/username/folder2 and your not want to use hardlink for some reasons?

 

it’s easy:

sudo mount -o bind /home/username/folder1 /home/username/folder2

Please remind, that folder2 needs to exists, else it will fail

[EN] Modyfiy or Remove „Proudly powered by WordPress“

You want to remove the the Ad for WordPress? Its not a Problem!

 

make it easy and go to

  • Logon into Admin-Panel
    • goto Appearance
      • Editor
      • Click on the right the Footer(.php)
      • Youll find a codeblock

        <a href=“<?php echo esc_url( __( ‚http://wordpress.org/‘, ‚twentytwelve‘ ) ); ?>“ title=“<?php esc_attr_e( ‚Semantic Personal Publishing Platform‘, ‚twentytwelve‘ ); ?>“><?php printf( __( ‚Proudly powered by %s‘, ‚twentytwelve‘ ), ‚WordPress‘ ); ?></a>

Either you remove this, or as myself Prefere, i use it to change to as Credit

like:

<a href=“<?php echo esc_url( __( ‚https://www.ccb-net.de‘, ‚twentytwelve‘ ) ); ?>“ title=“<?php esc_attr_e( ‚CCB-Network‘, ‚twentytwelve‘ ); ?>“><?php printf( __( ‚CCB-Network 2015‘, ‚twentytwelve‘ ), ‚2015‘ ); ?></a>

And then you have either a TAG-FREE or even your own Branding!

[EN] Howto Syncronize Group Policies with gpupdate

You installed a new PC on your Domain Network and now, you have one Problem… you want to force the client to use the Group-Policies you’ve set on your Domain-Controller?!

 

No Problem!

Go a Head and use:

  • On Win xp:
    • Start
      • Run
        • cmd
  • on Win 7
    • Start
      • Search Programs/File
        • cmd
  • OR – The „Short-Cut Way“
    • Windows+R
      • cmd

 

After that you may open up your Dos-Box which you enter then

  •  gpupdate /force

This should look like this:

gpupdate_force

 

Any Questions into the comments…