Entries Tagged as 'Windows 2008 Server'

Applying Google Analytics to your entire site with a single IIS rewrite rule

WEBBY STUFF , Windows 2008 Server No Comments »

Google Analytics is brilliant, of that there is no doubt, and it has replaced website stats for many people these days. However, applying it to your entire site can be a pain if you have a large site and do not have a modern CMS that lets you easily insert scripts into every page.

This creates a dilemma if you want to do away with website stats entirely and encourage customers to use Google Analytics instead, but many customers have old legacy sites and do not have the required skills (or inclination) to do the work, so I started looking for a way that Google Analytics could be easily and automatically added to a customer's site without making code changes.
Being a Windows/IIS guy, I first looked into using the URL Rewrite module, which allows you to create outbound rules to rewrite content before it is delivered to the client, and it turned out this did the job nicely, although with the caveat that you cannot just insert raw JavaScript, as some characters break the URL rewriting engine, so you have to do a bit of manipulation to get things working.

Basically you have to remove all newline characters and encode any {curly braces}, as these have special meaning in URL Rewrite (they delimit server variables and back-references such as {R:0}).
I actually solved this back in 2012, but it has sat unused until now, as I still needed an easy way for non-technical customers to do this and apply it to their websites. Well, today I was having my first play with JSFiddle.net (as some have suggested I do something similar for cflive.net) and decided to do something constructive and throw together a quick script to generate the required rewrite rule to do the above, and here it is.
It is a very small and simple, but I hope useful, script that will convert your analytics code into the required format and also generate the rewrite rule for you to insert into your web.config file. Just click the Result tab below to actually use the script.

Executing a web page/url from a windows scheduled task

Windows 2008 Server No Comments »

How often do you get a PHP app that requires you to set up a cron job to run some automated task each day?
This has always been a bit of a chore on Windows, as there is no obvious built-in method for doing this, and the common method was to use wget. Or, in my case, as I use ColdFusion/Railo, I would set up a scheduled task in the ColdFusion/Railo admin instead.

Today I decided to find out if there was a better way to do this since Windows 2008, and discovered that yes there is, using PowerShell.

Via CMD

You can use the "schtasks" command from a CMD window. The URL is wrapped in single quotes inside the PowerShell command so that only the outer double quotes need escaping for schtasks:

schtasks /create /tn "my scheduled task" /tr "powershell -ExecutionPolicy unrestricted -Command \"(New-Object Net.WebClient).DownloadString('http://url.to.be.executed/cron.php')\"" /sc DAILY /st 07:00:00 /ru System

  • /sc  schedule : Specifies the schedule type. Valid values are MINUTE, HOURLY, DAILY, WEEKLY, MONTHLY, ONCE, ONSTART, ONLOGON, ONIDLE.
  • /st StartTime : Specifies the time of day that the task starts in HH:MM:SS 24-hour format. The default value is the current local time when the command completes. The /st parameter is valid with MINUTE, HOURLY, DAILY, WEEKLY, MONTHLY, and ONCE schedules. It is required with a ONCE schedule.
  • /tn TaskName : Specifies a name for the task.
  • /tr TaskRun : Specifies the program or command that the task runs. Type the fully qualified path and file name of an executable file, script file, or batch file. If you omit the path, SchTasks.exe assumes that the file is in the Systemroot\System32 directory.
  • /ru {[Domain\]User | "System"} : Runs the tasks with the permission of the specified user account. By default, the task runs with the permissions of the user logged on to the computer running SchTasks.

The docs and list of commands can be found here: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/schtasks.mspx?mfr=true

Here is how to do it via the GUI.

Just create a task in the normal way; under "Action" choose "Start a program" and enter powershell as the program.
Then under arguments specify the following:

-ExecutionPolicy unrestricted -Command "(New-Object Net.WebClient).DownloadString(\"http://www.yoururl.com/cron.php\")"


Using IIS to generate SSL and private key for use on Linux Systems

Windows 2008 Server , Windows 7 1 Comment »

This week I needed to renew the SSL certificate for our OpenVPN server. The process, according to the docs, required using OpenSSL to generate a private key, which is then used to generate a CSR, which is then used to register your SSL certificate, and you then need to get the certificate (CRT) file, a CA bundle (crt) file, and a private key (pem) file to install on the OpenVPN server.

Now I am used to dealing with Windows and IIS, and dealing with SSL is a breeze on Windows, but as is usually the case when it comes to Linux, simple tasks like this suddenly become 10x more work, and as my Linux skills are almost zero that made the task even more arduous.

I had a go at doing everything with OpenSSL but ended up generating invalid SSL certs that did not work. So I then thought to myself, why not just use IIS to generate the CSR and get the SSL cert, and then just export it from there into a format I can use on Linux? This seemed like it would be a much quicker solution, and it was. Here are the steps.

Using IIS 7 on any machine, generate your CSR in the usual way (Server Certificates > Create Certificate Request); I did this on my local Windows 7 machine.


Now take your CSR and register your SSL certificate in the usual way. When you get it back, install it in IIS from the same Server Certificates section using "Complete Certificate Request".

Once you have your SSL certificate installed in IIS, you need to export the certificate and the private key as a PFX file.

Open MMC.exe and add the Certificates snap-in, then browse to Personal > Certificates and export your SSL certificate.


Choose to export the private key and to include all certificates in the certification path.


Your private key password is the Windows password of the account you are currently logged in with.

For Windows systems this PFX file will be everything you need; however, on Linux systems (such as OpenVPN) you will need separate private key and certificate files.

This is where you need to use OpenSSL.

Using the command line

Export the private key file from the pfx file

openssl pkcs12 -in filename.pfx -nocerts -out key.pem

Export the certificate file from the pfx file

openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

Remove the passphrase from the private key (the resulting server.key is stored unencrypted, so restrict its file permissions on the server):

openssl rsa -in key.pem -out server.key

Using XCA GUI

XCA is a handy GUI for OpenSSL; you can download it here: http://sourceforge.net/projects/xca/

On the Private Keys tab choose "Import PFX", this will import everything from your PFX file.

Now select your newly imported private key, and click export to get your PEM file.

Now select your certificate and export that in the required format, although in most cases the certificate file you received from the CA will be sufficient.
If you need a CA bundle, then export all the certs from the root, or use the intermediate cert you will have received from the CA.

Restricting access to your website admin by IP address

WEBBY STUFF , Windows 2008 Server 1 Comment »

Whether you are using a CMS or blogging app such as WordPress, Joomla or Drupal, or even a custom-built app, you likely have an admin system to manage your website and its content.

The problem is that hackers know this too. They know that in most cases your admin will reside at www.yoursite.com/admin, and they regularly attack this URL with brute-force password attempts or a bit of SQL injection. Unless you regularly monitor your logs or have a failed-login notification system, you will be completely oblivious to this. Many people get hacked and do not realise until months later that malware has been inserted into their site and is trying to infect all their website visitors, and worse, that their site has been blacklisted/blocked as a malware site or that all their customer data has been stolen.

Now, at least with off-the-shelf open source apps like WordPress et al you have the advantage that you can easily update to the latest version and thus plug any known security issues or vulnerabilities that arise, but with a custom-built app you do not have this luxury, and you will remain oblivious to any security holes in your app until it is too late.

The best solution is to add IP address restrictions to your admin folder so that only authorised people can access it.

With Apache

How to do this with Apache is pretty common knowledge: you simply use your .htaccess file, so I won't bother covering that here. For those that do not know, here are a couple of links showing you how to get it done.

With Microsoft IIS

However, doing this with Microsoft IIS is less common knowledge, and if you are on shared hosting you likely have no idea how to do it at all and probably do not have access either.

By default on IIS, IP address restrictions must be done via the IIS Management interface, and you need to install the "IP Security" feature; instructions on how to do that can be found here. If you are on a shared host you may need to ask them whether they have this installed, and if not, ask them to install it.
But even with this installed, you are still restricted to doing the IP address restrictions via the MMC (see previous link), which means you need direct access to the server. One thing this lacks is the ability to add comments saying who an IP address belongs to, which is very important if you want to allow an IP address temporarily or want to keep track of who each IP belongs to.

What you really want is to be able to add these IP restrictions in your web.config, so you can also add comments next to each entry and do not have to log in to the server and use the MMC, much like an Apache .htaccess file.
The good news is that you can do this; all you have to do is enable the ipSecurity override in your applicationHost.config. For those that do not know, applicationHost.config is where IIS stores its global settings (such as default documents and handlers) and those which are not managed via web.config by default.

To edit this file go to C:\Windows\System32\inetsrv\config and open applicationhost.config in your favourite text editor.

NOTE: On a 64-bit OS you need to use a 64-bit text editor, otherwise WOW64 file system redirection silently opens the 32-bit copy of this file under C:\Windows\SysWOW64\inetsrv\config, which is not the one IIS uses. I discovered this after many hours of head scratching, as I always used Notepad++ by default, which is only a 32-bit editor.

Now find the following section:

<section name="ipSecurity" overrideModeDefault="Deny" />

And change the "Deny" to "Allow". If you are on a shared host, you will need to ask them to make this change, there is really no reason for them to not allow this.

You can now use your web.config file to manage IP address restrictions.

How it's done
Example IP address restrictions. Comments are enclosed in <!-- --> and are not required, but I suggest you use them to record what IP is there for what reason.

  • Allow all, but block specific IPs or networks
    <security>
       <ipSecurity allowUnlisted="true">    <!-- this line allows everybody, except those listed below -->
           <clear/>     <!-- removes all parent restrictions -->
           <add ipAddress="83.116.19.53"/>     <!-- blocks the specific IP 83.116.19.53 -->
           <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>     <!-- blocks network 83.116.119.0 to 83.116.119.255 -->
           <add ipAddress="83.116.0.0" subnetMask="255.255.0.0"/>     <!-- blocks network 83.116.0.0 to 83.116.255.255 -->
           <add ipAddress="83.0.0.0" subnetMask="255.0.0.0"/>     <!-- blocks the entire /8 network 83.0.0.0 to 83.255.255.255 -->
       </ipSecurity>
    </security>
  • Deny all, but allow specific IPs or networks
    <security>
        <ipSecurity allowUnlisted="false">    <!-- this line blocks everybody, except those listed below -->
            <clear/>     <!-- removes all parent restrictions -->
            <add ipAddress="127.0.0.1" allowed="true"/>    <!-- allow requests from the local machine -->
            <add ipAddress="83.116.19.53" allowed="true"/>   <!-- allow the specific IP 83.116.19.53 -->
            <add ipAddress="83.116.119.0" subnetMask="255.255.255.0" allowed="true"/>   <!-- allow network 83.116.119.0 to 83.116.119.255 -->
            <add ipAddress="83.116.0.0" subnetMask="255.255.0.0" allowed="true"/>   <!-- allow network 83.116.0.0 to 83.116.255.255 -->
            <add ipAddress="83.0.0.0" subnetMask="255.0.0.0" allowed="true"/>   <!-- allow the entire /8 network 83.0.0.0 to 83.255.255.255 -->
        </ipSecurity>
    </security>

Using IP Address Restrictions
  • Use a text editor to create a file named web.config
  • Save the web.config file with the appropriate content
  • Place the web.config file in the directory that you wish to protect

Detailed web.config content
  • If there isn't an existing web.config in the directory, your new web.config should look something like this
    <?xml version="1.0"?>
    <configuration>
       <system.webServer>
          <security>
            <ipSecurity allowUnlisted="true">    <!-- this line allows everybody, except those listed below -->
               <clear/>     <!-- removes all parent restrictions -->
               <add ipAddress="83.116.19.53"/>   <!-- block one IP -->
               <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>   <!-- block network 83.116.119.0 to 83.116.119.255 -->
            </ipSecurity>
          </security>
       </system.webServer>
    </configuration>
  • If there is an existing web.config without a <system.webServer> section, your new web.config should look like this
    <?xml version="1.0"?>
    <configuration>
       <system.web>
         .. existing text ..
         .. existing text ..
       </system.web>
       <system.webServer>
          <security>
            <ipSecurity allowUnlisted="true">    <!-- this line allows everybody, except those listed below -->
               <clear/>     <!-- removes all parent restrictions -->
               <add ipAddress="83.116.19.53"/>   <!-- block one IP -->
               <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>   <!-- block network 83.116.119.0 to 83.116.119.255 -->
            </ipSecurity>
          </security>
       </system.webServer>
    </configuration>
  • If your existing web.config already has a <system.webServer> section, just add the <security><ipSecurity> section inside it
    <?xml version="1.0"?>
    <configuration>
       <system.web>
         .. existing text ..
         .. existing text ..
       </system.web>
       <system.webServer>
          <security>
            <ipSecurity allowUnlisted="true">    <!-- this line allows everybody, except those listed below -->
               <clear/>     <!-- removes all parent restrictions -->
               <add ipAddress="83.116.19.53"/>   <!-- block one IP -->
               <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>   <!-- block network 83.116.119.0 to 83.116.119.255 -->
            </ipSecurity>
          </security>
       </system.webServer>
    </configuration>
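Before dropping a web.config like the ones above into a live admin folder, it is worth checking which addresses it will actually admit. The following is an added example of mine (not code from the original post) that parses the <ipSecurity> section with Python's standard library and evaluates a client IP using the allowUnlisted, subnetMask and allowed semantics described above; the two config strings are constructed for the example, and "first matching entry wins" is an assumption about the module's behaviour.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: "allow all, but block specific IPs or networks".
BLOCKLIST_CONFIG = """<configuration>
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="true">
        <clear/>
        <add ipAddress="83.116.19.53"/>
        <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>"""

# Constructed sample: "deny all, but allow specific IPs or networks".
ALLOWLIST_CONFIG = """<configuration>
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="false">
        <clear/>
        <add ipAddress="127.0.0.1" allowed="true"/>
        <add ipAddress="83.116.0.0" subnetMask="255.255.0.0" allowed="true"/>
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>"""

def parse_ip_security(web_config_xml):
    """Return (allow_unlisted, [(network, allowed), ...]) from a web.config string."""
    root = ET.fromstring(web_config_xml)
    sec = next(root.iter("ipSecurity"), None)
    if sec is None:
        raise ValueError("no <ipSecurity> element found")
    # IIS defaults: allowUnlisted="true"; allowed="false" on each <add>, so a bare <add> denies.
    allow_unlisted = sec.get("allowUnlisted", "true").lower() == "true"
    rules = []
    for add in sec.findall("add"):
        mask = add.get("subnetMask", "255.255.255.255")  # no mask = single host
        net = ipaddress.ip_network((add.get("ipAddress"), mask), strict=False)
        rules.append((net, add.get("allowed", "false").lower() == "true"))
    return allow_unlisted, rules

def is_allowed(web_config_xml, client_ip):
    """True if client_ip would be admitted by the <ipSecurity> rules."""
    allow_unlisted, rules = parse_ip_security(web_config_xml)
    ip = ipaddress.ip_address(client_ip)
    # Assumption: the first matching entry decides; an unmatched address falls back to allowUnlisted.
    for net, allowed in rules:
        if ip in net:
            return allowed
    return allow_unlisted
```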

Hyper-v Imaging Building, Sysprep, SkipRearm and MDT

Hyper-V , Windows 2008 Server No Comments »


If you work with Microsoft Hyper-V on Windows Vista or Windows Server 2008 then you no doubt use SYSPREP to prepare virtual machine templates. If you are still building each VM and installing Windows from scratch then you are making life hard for yourself, in which case I suggest you read this.

When you first install Windows your rearm count is set at 3. You can see the current rearm count by running slmgr.vbs /dlv and looking at the following line:

Remaining Windows rearm count: 3

Note: if you install a service pack, the count increases by 1.

When you exceed the rearm count you should get an error similar to the one described in this KB article:

929828    An error message occurs when you run "Sysprep /generalize" in Windows Vista: "A fatal error occurred while trying to Sysprep the machine"

When you run the sysprep /generalize command, the activation clock is automatically reset; this ensures that when you first boot up you get the 30-day grace period before license activation. This can only be done 3 times, after which you will no longer be able to SYSPREP that Windows installation. This is incredibly annoying, as obviously you need to update your templates occasionally.
However, there is a good reason: if you could indefinitely reset Windows activation then you would never have to activate Windows, thus a free license forever.
NOTE: This limitation does not exist on Windows 2003 and XP.

Thankfully you can bypass resetting the activation clock by using the SkipRearm setting in the Microsoft-Windows-Security-Licensing-SLC component. This enables you to run Sysprep multiple times without resetting the activation clock.
But you MUST remove this setting, or set it to 0, on the final run of sysprep, otherwise the grace period is not reset (additionally the CMID is not reset, which can cause problems with KMS activation).

Useful Articles.


Powered by Mango Blog. Design and Icons by N.Design Studio