Windows 2003 has a very aggressive password policy in place (well, sort of). Most websites that spout password tips typically list the first 4 of the following groups of character classes as options for a strong password. Many do not realize that you can also use Unicode Characters in the password. Windows 2003 passwords can be up to 128 characters long. Try memorizing a password that long! You may also include blank spaces (although most password “strength” testers do not consider a blank space a particularly strong element).

The character classes that can be used in a Windows 2003 password are as follows:

A strong password should contain at least 3 of the preceding groups and hopefully all 5.

A few of the most common “mistakes” in making a password are:

• · Including dictionary words.
• · Including your username.
• · Including common sequences (ex. abc, 123, 7890), keyboard sequences, or repeated characters.
• · Your birthday, name, pet’s name, spouse, etc. All of these can easily be found out by a determined person.

Of course, I say “mistakes” lightly because sometimes a strong password can encompass these elements. Many security experts would say “No Way!” But consider that you need to memorize the password, so by taking the longest/strongest possible password you can remember and then throwing a name or other element in addition to that will certainly make it stronger. But DO NOT use ONLY those.

To understand what makes a strong password, you need to understand how passwords are most commonly cracked.

1. Someone you know trying to get into your account: This type of person will likely hinge on things like birthdays, names, etc to help crack your password.

2. Unknown Person/Random Cracker: This person will be less likely to know your personal information. For example, if the administrator can only memorize 7 characters, he/she may be better off using those 7 characters with many personal strings, which is just as easy to memorize. These types of people will typically use dictionary or brute force attacks. Dictionary attacks run all combinations of the dictionary on a password (many crackers only use their own language dictionary though). Brute force attacks will take a long time, but they also start with the shortest possible text strings, so in those cases a shorter password will absolutely be cracked sooner. Even if a password is not complex, a long password will help protect against brute force attacks.

Finally, the best password is the one you will remember. I know of many people who forget their passwords and sometimes the only solution is long, tiring, and costly.

(No Ratings Yet)

No Comments |  Print This Post |

This tip can be done in either Windows or Linux. In Windows using the MySQL Administrator go into the Health Tab and then the Performance Tab. Look at the key_reads and key_read_requests numbers. The ratio of key_reads to key_read_requests should be above 1:100 if you can spare the memory. It should be no lower than 1:10.

How do you increase the ratio for better performance? Increase the key_buffer_size value to an acceptable level.

(No Ratings Yet)

No Comments |  Print This Post |

Ever notice when you are shutting down a server that has Exchange Server running, it takes ~15 minutes? Exchange server relies on Active Directory and therefore DSAccess to provide a cache of AD information. When the server shuts down, LSAS is stopped before DSAccess can shut down cleanly and goes into a timeout mode, which is 10 minutes by default. Other processes experience similar timeouts when they are not shut down cleanly or in an effecient order. The quickest way to get around this is to create a .bat file to shut down the Exchange processes and run it before you shut down the server. Open up a text editor, put in the following code and save it as “shutdown.bat” – Doubleclick it before you shutdown. This will cut shutdown time to a few minutes or less.

(No Ratings Yet)

No Comments |  Print This Post |

The post below talks about processor affinity and setting IIS to use only one processor to increase stability of certain applications (PHP ISAPI anyone?).

You can set the affinity by opening Task Manager and selecting w3svc.exe or inetinfo.exe on the Processes tab. Right click and choose Set Affinity. Uncheck the processors which should not execute the application.

This is a temporary solution since it is reset once you restart Windows or IIS. Some people often disregard setting processor affinity as a fix since it never seems to work…but this is because they don’t set it permanently. Below is how to set the processor affinity permanently.

Grab the Imagecfg.exe tool from the \support\debug\i386 folder of a Windows NT 4.0, or the Imagecfg.exe tool from the Windows 2000/2003 Server Resource Kit.

Open a CMD prompt and type:

where 0xn is the affinity mask and drive:\Path\program.exe is the program you wish to set. The mask indicates which processor is to run the desired application. On a dual-core system, you use CPUs 0 and 1 (not 1 and 2).

CPU MASK
0 0x1
1 0x2
2 0x4
3 0x8

(No Ratings Yet)

No Comments |  Print This Post |

While I was trying to find a content management system for a section of World’s Cutest Animals I decided to try WordPress 2 instead of programming my own (I’m lazy sometimes).

When I installed WordPress 2.1.x it was working fine until midday when requests for the page spiked as usual. It was the dreaded PHP Access Violation. Previous to this, there had never been a PHP related issue with the site in 11 months. I figured I’d try to get it to work instead of uninstalling it right away, so I tried the following:

1. Disabled XCompress HTTP compression, thinking it was an issue with ISAPI ordering like so many IIS related problems.

2. Disabled Isapi Rewrite (thinking it was a compatibility issue between the many rewrite systems and rules on my server in addition to ISAPI ordering)

3. Upgrading PHP to 4.4.7, then downgrading to 4.4.2 (hoping another build had a fix in there, seems every build of PHP breaks or fixes something)

4. Uninstalling WordPress (Tada! Worked! But this is not what I wanted. I’m lazy, I wanted wordpress working)

5. Installed WordPress 2.2 (Still didn’t work)

6. Played with WordPress Permalinks (Nothing)

7. Tried Fast-CGI wrapper from IIS.net for IIS 6.0/7.0 (Worked!)

The Fast-CGI from IIS.net is an effort between Zend and Microsoft to increase the stability of PHP on the upcoming Longhorn Server and IIS 7.0. It’s no secret that PHP is one of the worst offenders of IIS instability. They do have a technology preview out that works with IIS 5.0/6.0. I recommend this if you do have stability issues with PHP ISAPI. It is about 5 times faster than php.exe CGI that comes with PHP 4. The wrapper works for PHP 5 as well. It installs in about 2 minutes thanks to Microsoft’s script and instructions.

Turns out WordPress has some XML GetFeatureList that breaks PHP by forcing a multithreading situation in IIS (w3svc.exe). PHP ISAPI is terrible at any sort of attempt of multithreading as it is not supported.

On a related note, because of PHP ISAPI threading issues, if you have a dual-core server, best to set the processor affinity of w3svc.exe or inetinfo.exe (depending on whether or not you are in isolation mode) to one processor. If you have mulitple websites, assign them to two Application Pools and have each pool running on a different processor. This will assure a much more stable instance of PHP (4 and 5). In each Application Pool, be sure to keep Worker Processes set to 1 (in the properties box). Setting it to a higher number causes multiple threads to be started.

Click here for instructions on permanently setting Processor Affinity in Windows

(No Ratings Yet)

No Comments |  Print This Post |