jmbrinkman

Archive for the ‘Proxy’ Category

Start Me Up? – Windows 8 Consumer Preview First Thoughts

In Proxy, Tech Ed on July 3, 2012 at 20:16

If you like my content please do check out my new blog at thirdpartytools.net ! 

 

After two years of being highly skeptical about everything Microsoft – especially if you consider how positive I was after attending TechEd 2010 – attending another edition of TechEd sorta won me over again. The promise of a integrated holistic (yes even MS itself uses this word now) management platform finally seems to be fulfilled with System Center 2012 and even Server 2012 without the whole suite seems to all about integration, open standards and the acknowledgement of the fact that for some people and companies there is no cloud like their private cloud.

I even installed Windows 8. Most of the reviews I’ve seen have been ambiguous to say the least. At TechEd 2012 I saw tablets running Win8 – on that platform the Metro UI looks and feels more modern then IOS. Obviously most of the way you interface, the strong connection to cloud apps and the ability to federate data from different sources have been well stolen from Apple. But true multitasking (even if you can only run two apps next to each other on one screen) is a big plus. The fact that you can use your regular Desktop apps on those (non-ARM) devices might be an advantage as well – but a lot will depend on how well they are suited to be used with a touch interface.

Now running it on your desktop…or laptop is a whole different matter. The absence of integration between the Metro and Desktop worlds is a big problem. I don’t mind having nice looking apps to do certain jobs – like reading a book or watching a movie – I do mind being able to ALT-TAB through both these full screen apps and my desktop apps. And I don’t mind having 10 ways to alter my settings – as long as lead to the same set of settings. I need to know what to change and where to change it.

If you read any of my previous articles you know I have a special interest in proxy servers. Well hang on to yourselves – Metro gave us another way to define a proxy. Metro apps bar IE 10 Metro don’t use WinINET or Winhttp – their proxy is defined in a Group Policy Setting. If you want to read which look here.

There is also the so called improvements for multi monitor setups. When I ran the pre-install wizard it told me Ultramon wasn’t supported so I crossed my fingers and hoped for the best. What I got was:

– An customizable dual screen taskbar. Finally

– Hotkeys to move Windows around like it was in Windows 7 – but no buttons in the right hand corner of each window like in Ultramon or similar utilities

– Metro on one screen, the Desktop on the other. Now at first that made me really happy. If they won’t integrate maybe I can run them next to each other on different screens. But no – selecting a Desktop app will minimize my Metro….

The Desktop itself is faster, more responsive and I don’t care for the Start button that much. I wonder if the Rolling Stones were still getting royalties from way back when MS used Start me up at the Windows 95 launch – but I doubt they will care either. Press the Windows button and start typing – you get a nice quick list of suggestions be it regular programs, applets that change settings or individual files.

The Metro apps are good to have on my laptop at home when I want to look at some photo’s, chat or look up random stuff on Wikipedia. But I hope I’ll be able to turn it off on my workstation at work, unless Microsoft finds a way to access both worlds in a unified and seamless manner.

Advertisements

Movies As Code

In Powershell, Proxy on March 12, 2012 at 21:12

If you like my content please do check out my new blog at thirdpartytools.net ! 

 

A friend showed me this wonderfully geeky site: http://moviesascode.net/

The whole idea is to describe movies or movie titles using runnable code! And I’m glad to say that I contributed the first Movie as Powershell : The Sum of All Fears!

I generously stole the basics from Wayne and used powershell to sum up the number of times the string “fear” appears in the King James Bible, times the number of characters in the word “fear”.

The proxy stuff is quite interesting because I had been searching for a code snippet that allowed me to authenticate to ISA/TMG for a while but I guess I needed a touch of silliness to come up with the right search terms. Here’s my adaption of Wayne’s code:

$proxy= Read-Host “Proxy? Yes/No?”

if ($proxy -eq “yes”)
{
$user= $env:USERNAME
$webproxy = Read-Host “Proxy address? (like http://your.proxy.server:8080)”
$pwd = Read-Host “Password?” -AsSecureString
$proxy = New-Object system.Net.WebProxy
$proxy.Address = $webproxy
$account = new-object System.Net.NetworkCredential($user,[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($pwd)), “”)
$proxy.credentials = $account
}

It’ll ask you if you want to use a proxy and if you do then it’ll ask you for a password (it uses the currently logged on user).

Some more code:

Idioms

99 Bottles of Beer

Poetry

This blog has been moved to: http://multiplechoicesystemsengineer.nl/Lists/Posts/Post.aspx?ID=2

Von Smallhausen by Proxy

In Proxy, TMG 2010, Uncategorized on February 22, 2012 at 21:34

If you like my content please do check out my new blog at thirdpartytools.net ! 

 

If you work in an environment where access to the internet is “proxied” or “proxyfied” by a Microsoft proxy productandthat proxy requires authentication you are in for a treat. If you have to maintain or administer such an environment…

It looks like a great idea – you know who what on the big bad world wide wolf. But a lot of software doesn’t understand proxy authentication – if they are aware of it in the first place. So users complain because the can’t watch that Silverlight video. Because Silverlight…doesn’t understand proxy authentication. Passive FTP with a login doesn’t understand it – you have to provide the credentials the old style: ftp://user001:secretpassword@private.ftp-servers.example.com/mydirectory/myfile.txt .

Of course you can disable proxy authentication for certain sites, source or destination ip’s or even users. But that can be quite a hassle and depending on the amount of exclusions and the administrative discipline of the IT staff it can render authentication as a security (or productivity if you use to block sites)measure rather useless.

But my biggest problem with proxy authentication in a Microsoft environment is – not even the OS understands proxies. The strong bonds between Windows Explorer and Internet Explorer might have been severed…for most applications IE is the place to set a proxy – whether IE is a party in the application reaching the Internet or not.

But we have group policy so we can set the proxy so big deal…but hey why can’t OneNote reach my Skydrive? That’s because Microsoft provided us with two ways to use a proxy; WinInet and WinHTTP. And no one really tells which applications use or support them. MSDN says “..When selecting between the two, you should use WinINet, unless you plan to run within a service or service-like process that requires impersonation and session isolation…(WinHTTP vs. WinINet). Now I can’t judge why or how OneNote needs WinHTTP – but its annoying none the less that it does.

Now how can we solve this?

  • There is no GPO setting for Winhttp 😦
  • Of course you could script it. Use proxycfg.exe or netsh in the winhttp context (or Windows XP/2003 and later OS’s respectively)
  • Or in some way (OS template/script/GPO) makes some changes to HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttp
  • If you use an auto discovery script importing from IE won’t work you’ll have to maintain two ways of finding a proxy ( tho it understands WPAD)
  • So the only real solution is a computer start up script that uses the methods mentioned above with some smart logic to pick a server and keep things like proxy exclusions in sync between WinInet and WinHTTP

Or you could really move forward and think about stuff like Palo Alto firewalls or other solutions where fire-walling and proxying are integrated if seeing who does what really is your thing

Btw here is a list of appplications that use WinHTTP:

  • Connections to Microsoft Skydrive from an Office or Windows Live App
  • Windows Update
  • WebDAV ( so stuff like Sharepoint ) connections from Office or Windows Explorer

I will say this only once!