Admins Handbook

What do you do if you have two routers to the outside world. One to be used for Internet and one for an Intranet application?

The first router is deleverd by your ISP and the second one is making an VPN tunnel to the Intranet server.

Normally you would set up a routing roule on the first router, but if not possible an routing roule has to be set up on every computer who needs access to the Intranet server thug the second router.

In this example the Intranet application is accessed on http://10.79.10.2

On all the clients this has to be typed in the command console:
route add 10.79.10.0 mask 255.255.255.0 192.168.1.2 /p
The /p makes the rule persistent (not removed after an reboot).

It is possible to activate remote desktop in regedit, you do not have to use the GUI on the computer itself.

In regedit go to this path:

HKLM\System\CurrentControlSet\Control\Terminal Server
The value fDenyTSConnections must be 0 (zero) for enabling.

You are working with trust between two windows domains and gets this error.

Are you using vmware… ? yes, keep on reading.

This error does not occur on physical hardware but on a virtualized environment and only in vmware. The problem is the vmware driver  hgfs.sys. This driver handles the “vmware shared folders”.

To resole this disable vmware shared folders. It can be done thug regedit. Se the image below. Just change the “start” key value to 4. The path is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hgfs

For more information about this issue See this blog here

What do you do if you have three webserveres all listening on port 80 and three public IP’s, but only have one firewall/router?

You do not need three routers but if you have a Cisco ASA it all can be done on that.

1. If a Internet user types 111.222.333.2 he ends up on WEB01. 111.222.333.3 end up on WEN02 and so on.
2. All the webservers acts on the Internet with thire own public IP

All you need is a Static and an access roule.

static (inside,outside) <public ip> <local ip>
access-list allow_inbound permit tcp any host <public ip> eq www

To follow the example above, just add these lines.

access-list allow_inbound permit tcp any host 111.222.333.2 eq www
access-list allow_inbound permit tcp any host 111.222.333.3 eq www
access-list allow_inbound permit tcp any host 111.222.333.4 eq www

static (inside,outside) 111.222.333.2 10.0.0.2
static (inside,outside) 111.222.333.3 10.0.0.3
static (inside,outside) 111.222.333.4 10.0.0.4

If you for some reason need to have more than one computer-name on a server it can not be done in the GUI. It has to be done in regedit.

1)
Find this location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

2)
Add a new key here with the name: OptionalNames with the type: REG_MULTI_SZ

Type in the server names you want as the value. Separate more than one name with a space.

3)
Restart the server.

Tired of messenger and do you want to remove it completely?

It can not be found in “add/remove programs” It has to be removed with this command:
RunDll32 advpack.dll,LaunchINFSection %windir%\\INF\\msmsgs.inf,BLC.Remove

Open “start” –> “run” and click “OK”.