How to set Static/DHCP IP Address from command line

In Windows Server 2008 Core installation, the only way to setup IP Address eithe Static or DHCP is from the command line. The following procedure helps setting the IP Address from the command Line using “netsh”. This procedure works in Windows Server 2008 (No core installation as well), Windows Server 2003, Windows XP, Windows Vista.

To setup Static IP Address:

From the command prompt:

1. Type

C:\Users\Administra tor> netsh interface ipv4 show interfaces
Idx Met MTU State Name
— — —– ———– ——————-
1 50 4294967295 connected Loopback Pseudo-Interface 1
10 20 1500 connected Local Area Connection

This should show the Network Connections. We are looking for the name here. On mine, I have one LAN interface and is named as “Local Area Connection”

2. To set a static IP Address type the following command

C:\Users\Administra tor>netsh interface ipv4 set address name=”Local Area Connect
ion” source=static address=192. 168.0.5 mask=255.255. 255.0 gateway=192. 168.0.1

The syntax is

netsh interface ipv4 set address name=”” source=static address= mask= gateway=

Where:
ID is the name of the LAN Connection
StaticIP is the static IP address that you are setting
SubnetMask is the subnet mask for the IP address
DefaultGateway is the default gateway

3. Now set the DNS Servers one at a time with the followind command. For each DNS server, increase the index number.

C:\Users\Administra tor>netsh interface ipv4 add dnsserver name=”Local Area Conne
ction” address=192. 168.0.1 index=1

C:\Users\Administra tor>netsh interface ipv4 add dnsserver name=”Local Area Conne
ction” address=192. 168.0.10 index=2

The syntax is

netsh interface ipv4 add dnsserver name=”” address=index=1

Where:
ID is the name of the Network Connection
DNSIP is the IP address of your DNS server

This should do. To confirm, do an “ipconfig”

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1D-09-D4- 2C-8F
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.5( Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255. 0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
192.168.0.10
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Set IP through DHCP Server

To set the DHCP Server, from the command line

C:\Users\Administra tor> netsh interface ipv4 set address name=”Local Area Connection” source=dhcp

Syntax is

netsh interface ipv4 set address name=”ID” source=dhcp

where ID is the name of the Network Connection

Configure SNMP Agent in Windows 2000/XP/2003 Saturday, June 5, 2010 12:17 PM

Simple Network Management Protocol (SNMP) is used to manage networked devices, monitor and alert of any events on the systems that can be critical

To configure SNMP agent in Windows,

1. Click Start – Run – Type “Services.msc” and press enter. This opens the Services Management Console.

2. In the right-pane, right-click on SNMP Service and select “Properties”

3. Click the “Agent” tab, enter the name of the “Contact”, “Location” and select the services for which an event can trigger a trap or can be queried by an SNMP management server.

4. Click the “Traps” tab and enter the Community name and Trap destinations. This allows the SNMP agent to send SNMP trap messages to SNMP Management servers when an event occurs. The community name is the communityname of the SNMP management server

5. Click the Security tab, here we set the security for various communities that this agent supports and the level permissions they are allowed namely “Notify”, “READ ONLY”, “READ WRITE”, “READ CREATE”. “Read Write” is the maximum allowed permission wherein we allow the SNMP Management station to make changes to the system or even manage the system using SNMP while “READ ONLY” will only allow the SNMP server to query for event informations and cannot make any changes.

6. Also, for security reasons select “Accept SNMP Packets from these hosts” and add list of authorised servers that can poll this agent.

7. You can also check the box “Send authentication trap” to notify all SNMP servers in the list should there be an authentication failure from any other SNMP server not in the list.

8. Click Apply and OK.

8. Right-click on the service and select “restart” for the changes to take effect.

This should setup SNMP Agent as well as the Trap setup for SNMP.

Creating and Configuring FTP Sites in Windows Server 2003

In this article we'll walk you through the steps of creating FTP sites in Windows Server 2003 using both Internet Services Manager and scripts. The tutorial will also will explain how to perform common administration tasks involving FTP sites and also how to implement FTP User Isolation, a new feature of Windows Server 2003 enables users to have their own separate FTP home directories.

In this article we saw that Internet Information Services 6 (IIS 6) is a powerful platform for building and hosting web sites for both the Internet and corporate intranets. IIS 6 is also equally useful for setting up FTP sites for either public or corporate use, and in this article we''ll walk through the process of creating and configuring FTP sites using both the GUI (IIS Manager) and scripts included in Windows Server 2003. The specific tasks we''ll walk through in this article are:

• Creating an FTP Site
• Controlling Access to an FTP Site
• Configuring FTP Site Logging
• Stopping and Starting FTP Sites
• Implementing FTP User Isolation

For sake of interest, we''ll again explain these tasks in the context of a fictitious company called TestCorp as it deploys FTP sites for both its corporate intranet and for anonymous users on the Internet.

Preliminary Steps

As mentioned in the previous article, IIS is not installed by default during a standard installation of Windows Server 2003, and if you installed IIS using Manage Your Server as described in the previous article this installs the WWW service but not the FTP service. So before we can create FTP sites we first have to install the FTP service on our IIS machine. To do this, we need to add an additional component to the Application Server role we assigned our machine when we used Manage Your Server to install IIS.

Begin by opening Add or Remove Programs in Control Panel and selecting Add/Remove Windows Components. Then select the checkbox for Application Server:

Click Details and select the checkbox for Internet Information Services (IIS):

Click Details and select the checkbox for File Transfer Protocol (FTP) Services.

Click OK twice and then Next to install the FTP service. During installation you''ll need to insert your Windows Server 2003 product CD or browse to a network distribution point where the Windows Server 2003 setup files are located. Click Finish when the wizard is done.

Creating an FTP Site

As with web sites, the simplest approach to identifying each FTP site on your machine is to assign each of them a separate IP address, so let''s say that our server has three IP addresses (172.16.11.210, 172.16.11.211 and 172.16.11.212) assigned to it. Our first task will be to create a new FTP site for the Human Resources department, but before we do that let''s first examine the Default FTP Site that was created when we installed the FTP service on our machine. Open IIS Manager in Administrative Tools, select FTP Sites in the console tree, and right-click on Default FTP Site and select Properties:

Just like the Default Web Site, the IP address for the Default FTP Site is set to All Unassigned. This means any IP address not specifically assigned to another FTP site on the machine opens the Default FTP Site instead, so right now opening either ftp://172.16. 11.210, ftp://172.16. 11.211 or ftp://172.16. 11.212 in Internet Explorer will display the contents of the Default FTP Site.

Let''s assign the IP address 172.16.11.210 for the Human Resources FTP site and make D:\HR the folder where its content is located. To create the new FTP site, right-click on the FTP Sites node and select New --> FTP Site. This starts the FTP Site Creation Wizard. Click Next and type a description for the site:

Click Next and specify 172.16.11.210 as the IP address for the new site:

Click Next and select Do not isolate users, since this will be a site that anyone (including guest users) will be free to access:

Click Next and specify C:\HR as the location of the root directory for the site:

Click Next and leave the access permissions set at Read only as this site will only be used for downloading forms for present and prospective employees:

Click Next and then Finish to complete the wizard. The new Human Resources FTP site can now be seen in IIS Manager under the FTP Sites node:

To view the contents of this site, go to a Windows XP desktop on the same network and open the URL ftp://172.16. 11.210 using Internet Explorer:

Note in the status bar at the bottom of the IE window that you are connected as an anonymous user. To view all users currently connected to the Human Resources FTP site, right-click on the site in Internet Service Manager and select Properties, then on the FTP Site tab click the Current Sessions button to open the FTP User Sessions dialog:

Note that anonymous users using IE are displayed as IEUser@ under Connected Users.

Now let''s create another FTP site using a script instead of the GUI. We''ll create a site called Help and Support with root directory C:\Support and IP address 172.16.11.211:

Here's the result of running the script:

The script we used here is Iisftp.vbs, which like Iisweb.vbs and Iisvdir.vbs which we discussed in the previous article is one of several IIS administration scripts available when you install IIS on Windows Server 2003. A full syntax for this script can be found here. Once you create a new FTP site using this script you can further configure the site using IIS Manager in the usual way.

Note: At this point you could add structure to your FTP site by creating virtual directories, and this is done in the same way as was described in the previous article for working with web sites.

Controlling Access to an FTP Site

Just like for web sites, there are four ways you can control access to FTP sites on IIS: NTFS Permissions, IIS permissions, IP address restrictions, and authentication method. NTFS permissions are always your first line of defense but we can't cover them in detail here. IIS permissions are specified on the Home Directory tab of your FTP site's properties sheet:

Note that access permissions for FTP sites are much simpler (Read and Write only) than they are for web sites, and by default only Read permission is enabled, which allows users to download files from your FTP site. If you allow Write access, users will be able to upload files to the site as well. And of course access permissions and NTFS permissions combine the same way they do for web sites.

Like web sites, IP address restrictions can be used to allow or deny access to your site by clients that have a specific IP address, an IP address in a range of addresses, or a specific DNS name. These restrictions are configured on the Directory Security tab just as they are for web sites, and this was covered in the previous article so we won't discuss them further here.

FTP sites also have fewer authentication options than web sites, as can be seen by selecting the Security Accounts tab:

By default Allow anonymous connections is selected, and this is fine for public FTP sites on the Internet but for private FTP sites on a corporate intranet you may want to clear this checkbox to prevent anonymous access to your site. Clearing this box has the result that your FTP site uses Basic Authentication instead, and users who try to access the site are presented with an authentication dialog box:

Note that Basic Authentication passes user credentials over the network in clear text so this means FTP sites are inherently insecure (they don't support Windows integrated authentication) . So if you're going to deploy a private FTP site on your internal network make sure you close ports 20 and 21 on your firewall to block incoming FTP traffic from external users on the Internet.

Configuring FTP Site Logging

As with web sites, the default logging format for FTP sites is the W3C Extended Log File Format, and FTP site logs are stored in folders named

%SystemRoot% \system32\ LogFiles\ MSFTPSVCnnnnnnnn nn

where nnnnnnnnnn is the ID number of the FTP site. And just as with web sites, you can use the Microsoft Log Parser, part of the IIS 6.0 Resource Kit Tools, to analyze these FTP site logs.

Stopping and Starting FTP Sites

If an FTP site becomes unavailable you may need to restart it to get it working again, which you can do using IIS Manager by right-clicking on the FTP site and selecting Stop and then Start. From the command-line you can type net stop msftpsvc followed by net start msftpsvc or use iisreset to restart all IIS services. Remember that restarting an FTP site is a last resort as any users currently connected to the site will be disconnected.

Implementing FTP User Isolation

Finally, let's conclude by looking at how to implement the new FTP User Isolation feature of IIS in Windows Server 2003. When an FTP site uses this feature, each user accessing the site has an FTP home directory that is a subdirectory under the root directory for the FTP site, and from the perspective of the user their FTP home directory appears to be the top-level folder of the site. This means users are prevented from viewing the files in other users' FTP home directories, which has the advantage of providing security for each user's files.

Let's create a new FTP site called Staff that makes use of this new feature, using C:\Staff Folders as the root directory for the site and 172.16.11.212 for the site's IP address. Start the FTP Site Creation Wizard as we did previously and step through it until you reach the FTP User Isolation page and select the Isolate users option on this page:

Continue with the wizard and be sure to give users both Read and Write permission so they can upload and download files.

Now let's say you have two users, Bob Smith (bsmith) and Mary Jones (mjones) who have accounts in a domain whose pre-Windows 2000 name is TESTTWO. To give these users FTP home directories on your server, first create a subfolder named \TESTTWO beneath \Staff Folders (your FTP root directory). Then create subfolders \bsmith and \mjones beneath the \Accounts folder. Your folder structure should now look like this:

C:\Staff Folders
\TESTTWO
\bsmith
\mjones

To test FTP User Isolation let's put a file name Bob's Document.doc in the \bsmith subfolder and Mary's Document.doc in the \mjones subfolder. Now go to a Windows XP desktop and open Internet Explorer and try to open ftp://172.16. 11.212, which is the URL for the Staff FTP site we just created. When you do this an authentication dialog box appears, and if you're Bob then you can enter your username (using the DOMAIN\username form) and password like this:

When Bob clicks the Log On button the contents of his FTP home directory are displayed:

Note that when you create a new FTP site using FTP User Isolation, you can't convert it to an ordinary FTP site (one that doesn't have FTP User Isolation enabled). Similarly, an ordinary FTP site can't be converted to one using FTP User Isolation.

We still need to explore one more option and that's the third option on the FTP User Isolation page of the FTP Site Creation Wizard, namely Isolate users using Active Directory. Since we've run out of IP addresses let's first delete the Help and Support FTP site to free up 172.16.11.211. One way we can do this is by opening a command prompt and typing iisftp /delete "Help and Support" using the iisftp.vbs command script. Then start the FTP Site Creation Wizard again and select the third option mentioned above (we'll name this new site Management):

Click Next and enter an administrator account in the domain, the password for this account, and the full name of the domain:

Click Next and confirm the password and complete the wizard in the usual way. You'll notice that you weren't prompted to specify a root directory for the new FTP site. This is because when you use this approach each user's FTP home directory is defined by two environment variables: %ftproot% which defines the root directory and can be anywhere including a UNC path to a network share on another machine such as \\test220\docs, and %ftpdir% which can be set to %username% so that for example Bob Smith's FTP home directory would be \\test220\docs\ bsmith and this folder would have to be created beforehand for him. You could set these environment variables using a logon script and assign the script using Group Policy, but that's beyond the scope of this present article.

hide and unhide Disk Drive Partitions

hide and unhide Disk Drive Partitions

IN GUI MODE

Here is a simple way to hide and unhide Disk Drive Partitions from My Computer in any version of windows. This deosn't work with Windows OS that cannot support NTFS.
How to hide a partition in Windows?

• Right-Click on My Computer [Computer in Windows Vista and Windows 7]
• Click on Manage
• From the list of options Click on Disk Management that will be located in the left-bottom section
• All your hard disk and its partitions will be show in the right hand side
• Right-Click on the partition that you want to hide and select "Change Drive Letters and Path"
• Click on "Remove" and click "Yes"
• Your drive will now be hidden in my computer

To unhide the drive :

• Go to Disk Management Right-Click on the hidden partition [there will not be a drive letter on the hidden drive] again select "Change Drive Letters and Path"
• Click on add and select an appropriate drive letter.
• Click Ok
• Now the drive is unhided.

IN COMMAND PROMPT

1. Click Start – Run
2. Type “cmd” in the open box
3. In command prompt window, type “diskpart” , and then press enter!

4. Type “list volume” and press enter

The above command will show hard drive volume information.
For example, your secret files are in drive E. Thus I want to hide E. From the figure above, keep in mind that drive E’s volume is “volume 2″ and drive E’s letter is “E”.

5. Type “select volume 2″ and press enter
6. Type “remove letter E” and press enter

Done! Now your drive E has been hidden, you can now exit command prompt.

How to unhide / restore your hidden disk partition?
Do all steps (1-5), on the step 6 type “assign letter E” instead

Creating and Configuring Web Sites in Windows Server 2003

In this article we'll walk you through the steps of creating web sites in Windows Server 2003 using both Internet Services Manager and scripts. The tutorial will also walk you through the steps for hosting content both locally and remotely using virtual directories, and will explain how to perform common administration tasks involving web servers.

Internet Information Services 6 (IIS 6) is a powerful platform for hosting web sites on both the public Internet and on private intranets. Creating and configuring web sites and virtual directories are bread-and-butter tasks for IIS Administrators, and in this article we'll walk through the process of doing this using both the GUI (IIS Manager) and using various scripts included with Windows Server 2003. The seven specific tasks we'll walk through will include:

• Creating a Web Site
• Creating a Local Virtual Directory
• Creating a Remote Virtual Directory
• Controlling Access to a Web Site
• Configuring Web Site Logging
• Configuring Web Site Redirection
• Stopping and Starting Web Sites

For sake of interest, we'll explain these tasks in the context of a fictitious company called TestCorp as it deploys IIS for its corporate intranet.

Preliminary Steps

Unlike earlier versions of Microsoft Windows, IIS is not installed by default on Windows Server 2003. To install IIS, open Manage Your Server from the Start menu and add the Application Server role:

Note that for simple security reasons IIS should only be installed on member servers, not domain controllers. The reason is that if you install IIS on a domain controller and your web server becomes compromised, the attacker could gain access to your accounts database and wreak havoc with your network.

Creating a Web Site

The simplest approach is to use a separate IP address to identify each web site on your machine. Let's say our server has five IP addresses assigned to it from the range 172.16.11.220 through 172.16.11.224. Before we create a new Human Resources web site, let's first examine the identify of the Default Web Site. Open IIS Manager in Administrative Tools, select Web Sites in the console tree, and right-click on Default Web Site and open it's properties:

The IP address for the Default Web Site is All Unassigned. This means any IP address not specifically assigned to another web site on the machine opens the Default Web Site instead. A typical use for the Default Web Site is to edit it's default document to display general information like a company logo and how to contact the Support Desk.

Let's use IP address 172.16.11.221 for the Human Resources site and make D:\HR the folder where the home page for this site is stored. To create the HR site, right-click on the Web Sites node and select New --> Web Site. This starts the Web Site Creation Wizard. Click Next and type a description for the site:

Click Next again and specify 172.16.11.221 as the IP address for the site:

Click Next and specify D:\HR as the home folder for the site. We've cleared the checkbox to deny anonymous access to the site because this is an internal intranet so only authenticated users should be able to access it (public web sites generally allow anonymous access):

Click Next and leave only Read access enabled since the Human Resources site will initially only be used to inform employees of company policies:

Click Next and then Finish to create the new web site:

Now let's create another intranet site, this time for Help Desk, which will use IP address 172.16.11.222 and home folder D:\Help. We'll create this one using a script instead of the GUI:

And here's the result:

The script we used here is Iisweb.vbs, one of several IIS administration scripts available when you install IIS on Windows Server 2003. The basic syntax of this script is easy to figure out from the previous screenshot, and a full syntax can be found here. Note that unlike the Web Site Creation Wizard used previously. you can't use this script create a web site with anonymous access disabled. So if you want to disable anonymous access you should do it by opening the properties sheet for the Help Desk site, selecting the Directory Security tab, and clicking the Edit button under Authentication and Access Control. This opens the Authentication Methods box where you can clear the checkbox to disable Anonymous Access and leave Windows Integrated Authentication as the only authentication method available for clients on your network:

Creating a Local Virtual Directory

Let's say Human Resources keeps their policies in a folder called D:\HR Policies on your web server and you would like users to be able to use the URL http://172.16. 11.221/policies when they need to access these policies. To do this we need to create a virtual directory that associates the /policies portion of the URL, called the alias for the virtual directory, with the physical directory D:\HR Policies where these documents are actually located.

Let's do this now. Right-click on the Human Resources site and select New --> Virtual Directory to start the Virtual Directory Creation Wizard. Click Next and type the alias for the virtual directory:

Click Next and specify the physical folder on the local server to map to this alias:

Click Next and specify permissions (again we'll just leave Read enabled) and finish the wizard. Here's the result:

Let's do something similar using another IIS script named Iisvdir.vbs, only we'll create a /procedures virtual directory instead:

Open IIS Manager to display the new virtual directory:

Note the difference in the icons for the two virtual directories. That's because when the script creates a virtual directory it also creates an application starting point for that directory, while the wizard does not. This doesn't matter though, since for now we're only hosting static content in these directories. For the full syntax of Iisvdir.vbs see here.

Creating a Remote Virtual Directory

Help Desk likes to do things differently than Human Resources does, and their user manual is stored in HTML form in the share \\srv230\helpdesk on a network file server. Let's create a remote virtual directory within the Help Desk site that associates the alias /usermanual with this share. Right-click on the Help Desk site and select New --> Virtual Directory to start the Virtual Directory Creation Wizard again, specify usermanual as the alias for the directory, and type \\srv230\helpdesk as the UNC path to the share:

Click Next and a new screen appears prompting you to either specify credentials for accessing the share or use the authenticated user's credentials for this purpose (we'll use the latter):

Click Next and finish the wizard. Let's look at the result:

The Iisvdir.vbs script can similarly be used for creating remote virtual directories.

Controlling Access to a Web Site

Now that we have a couple of web sites and virtual directories created, let's look at a few administration tasks. This will be only a brief overview--you can find a much more detailed treatment of the subject in my book IIS 6 Administration (Osborne/McGraw- Hill).

First let's look at how we can control access to our web sites. There are basically four ways you can do this: NTFS Permissions, web permissions, IP address restrictions, and authentication method. NTFS permissions is your front line of defense but it's a general subject that we can't cover in detail here. Web permissions are specified on the Home Directory tab of your web site's properties:

By default only Read permission is enabled, but you can also allow Write access so users can upload or modify files on your site.

Script source access so users can view the code in your scripts (generally not a good idea), or Directory browsing so users can view a list of files in your site (also not a good idea). Web permissions apply equally to all users trying to access your site, and they are applied before NTFS permissions are applied. So if Read web permission is denied but NTFS Read permission is allowed, users are denied access to the site.

IP address restrictions can be used to allow or deny access to your site by clients that have a specific IP address, have an IP address within a range of addresses, or have a specific DNS domain name. To configure this, select the Directory Security tab and click the Edit button under IP Address and Domain Name Restrictions. This opens the following dialog, which by default does not restrict access to your site:

The main thing to watch for here is that denying access based on domain name involves reverse DNS lookups each time clients try to connect to your web site, and this can significantly impact the performance of your site.

The final way of controlling access to your sites is to use the Authentication Methods dialog box we looked at previously:

In summary, the five authentication options displayed here are:

• Anonymous access. Used mainly for web sites on public (Internet) web servers.
• Integrated Windows authentication. Used mainly for web sites on a private intranet.
• Digest authentication. Challenge/response authentication scheme that only works with clients running Internet Explorer 5.0 or later.
• Basic authentication. Older authentication scheme that transmits passwords over the network in clear text, so use this only in conjunction with SSL.
• .NET Passport authentication. Allows users to use their .NET Passport for authentication.

Configuring Web Site Logging

Since web sites are prime targets for attackers, you probably want to log hits to your site to see who's visiting it. By default IIS 6 logs traffic to all content as can be seen on the bottom of the General tab of the properties for a web site or virtual directory:

The default logging format is the W3C Extended Log File Format, and clicking Properties indicates new log files are created daily in the indicated directory. It's a good idea to specify that local time be used for logging traffic as this makes it easier to interpret the logs:

The key of course is to review log files regularly to look for suspicious activity. IIS doesn't include anything for this purpose, but the IIS 6.0 Resource Kit Tools does include version 2.1 of Microsoft Log Parser, which can be used for analyzing IIS logs. You can download these tools here.

Configuring Web Site Redirection

Sometimes you need to take your web site down for maintenance, and in such cases it's a good idea to redirect all client traffic directed to your site to an alternate site or page informing users what's going on. IIS lets you redirect a web site to a different file or folder on the same or another web site or even to an URL on the Internet. To configure redirection you use the Home Directory tab and choose the redirection option you want to use:

Stopping and Starting Web Sites

Finally, if sites become available you may need to restart IIS to get them working again. Restarting IIS is a last resort as any users currently connected will be disconnected and any data stored in memory by IIS applications will be lost. You can restart IIS using IIS Manager by right-clicking on the server node:

You can also do the same from the command-line using the Iisreset command:

Type iisreset /? for the full syntax of this command. You can also start and stop individual web sites using IIS Manager or the Iisweb.vbs script. And you can stop or start individual IIS services using the net commands, for example net stop w3svc will stop the WWW services only.