Archive for June, 2010

FTP Commands

Today I took a sudden interest in how the Microsoft commands work, and as a result I am creating a post here.

It is very simple; as with Unix, it won’t take more than 20 minutes to learn.

Open CMD.

1. C:\> ftp domain.com

2. It prompts for user_name and password; type the credentials.

3. help lists the commands that can be used in the session with the remote machine.

4. ls | dir lists the files and directories.

5. cd directory_name navigates to the required folder.

6. lcd shows the working directory on your local computer (lcd followed by a path changes it); this is the location you upload from and download to. The default lcd will be C:\

7. To upload a file, use put file_name (the file location depends on lcd).

8. To download a file, use get | recv (the file will be downloaded to the lcd location).

9. To know your current location on the remote server, use ‘pwd’.

10. The rest of the commands are as in Unix: ls, mkdir, delete, rmdir and exit.

These are the basic commands used for FTP, and with them we can perform almost any task in FTP. I have listed the other supported FTP commands below.

Client commands

    * ! – Runs the specified command on the local computer
    * ? – Displays descriptions for ftp commands
    * append – Appends a local file to a file on the remote computer
    * ascii – Sets the file transfer type to ASCII, the default
    * bell – Toggles a bell to ring after each file transfer command is completed (default = OFF)
    * binary – Sets the file transfer type to binary
    * bye – Ends the FTP session and exits ftp
    * cd – Changes the working directory on the remote computer
    * close – Ends the FTP session and returns to the command interpreter
    * debug – Toggles debugging (default = OFF)
    * delete – Deletes a single file on a remote computer
    * dir – Displays a list of a remote directory’s files and subdirectories
    * disconnect – Disconnects from the remote computer, retaining the ftp prompt
    * get – Copies a single remote file to the local computer
    * glob – Toggles filename globbing (wildcard characters) (default = ON)
    * hash – Toggles hash-sign (#) printing for each data block transferred (default = OFF)
    * help – Displays descriptions for ftp commands
    * lcd – Changes the working directory on the local computer
    * literal – Sends arguments, verbatim, to the remote FTP server
    * ls – Displays an abbreviated list of a remote directory’s files and subdirectories
    * mdelete – Deletes one or more files on a remote computer
    * mdir – Displays a list of a remote directory’s files and subdirectories
    * mget – Copies one or more remote files to the local computer
    * mkdir – Creates a remote directory
    * mls – Displays an abbreviated list of a remote directory’s files and subdirectories
    * mput – Copies one or more local files to the remote computer
    * open – Connects to the specified FTP server
    * prompt – Toggles prompting (default = ON)
    * put – Copies a single local file to the remote computer
    * pwd – Displays the current directory on the remote computer (literally, "print working directory")
    * quit – Ends the FTP session with the remote computer and exits ftp (same as "bye")
    * quote – Sends arguments, verbatim, to the remote FTP server (same as "literal")
    * recv – Copies a remote file to the local computer
    * remotehelp – Displays help for remote commands
    * rename – Renames remote files
    * rmdir – Deletes a remote directory
    * send – Copies a local file to the remote computer (same as "put")
    * status – Displays the current status of FTP connections
    * trace – Toggles packet tracing (default = OFF)
    * type – Sets or displays the file transfer type (default = ASCII)
    * user – Specifies a user to the remote computer
    * verbose – Toggles verbose mode (default = ON)



IIS MetaBase

For beginners, the IIS Metabase can be quite a horror to handle, because a direct change to this file can leave IIS hung, and to avoid this most people prefer not to touch the file. Still, there are some exceptions where editing it is useful for solving issues.

The location for IIS Metabase.xml


How to Restore Metabase

When the metabase seems to become corrupt out of nowhere and IIS won’t start again, you may notice in particular a message in the system event log: “service-specific error 2149648394 (0x8021080A)”. Fortunately, Microsoft has identified this as a likely occurrence and supplies a backup of MetaBase.xml, which is located in:


To restore a corrupt MetaBase.xml, find the file that is the most up to date (that you’re sure was working) and simply copy it back into:


And rename it MetaBase.xml

You should be able to restart IIS without a problem.


You can set these sites to run in Full Trust mode by following these steps:

1. Open c:/windows/microsoft.net/framework/v2.0.50727/config/web.config

2. Here, you will see code like:

<location path="xyzabc.com" allowOverride="true">
<system.web><trust level="Full" originUrl=".*"/></system.web>
</location>

3. Copy and paste this block, replacing the domain name in the first line; this sets Full trust mode for the website.

Once you make all of your changes, save and close the file, then restart IIS by going to the command line and running iisreset.

4. Done.


To configure the SmarterMail interface on a Windows 2003 server, perform the steps below:

1) Log in to the server.
2) Create a new website in IIS named SmarterMail and apply the details below:

    * Description: SmarterMail
    * IP Address: the primary IP address for your server (a dedicated IP is preferable)
    * Host header for this Web site: mail.domainname.com
    * Path: C:\Program Files\SmarterTools\SmarterMail\MRS
    * Website Permissions: check the Read and Run scripts boxes

3) Right Click on website and select properties.
4) On the ASP.NET tab, select the appropriate version of ASP.NET based on the version of SmarterMail.
5) On the HTTP Headers tab, click MIME Types -> Click New.
6) Enter the requested information:

    * Extension: .js
    * MIME type: application/x-javascript

7) Click OK.
8) Create an A record in DNS for mail.domainname.com that points to the primary IP address for your server.

This will work!


Hi All –

We can generate a CSR and install an SSL certificate through the command-line interface on Windows servers. The steps are as below.

Save the following file as request.inf on your server, editing the subject according to the comment:

;—————– request.inf —————–

[Version]
Signature="$Windows NT$"

[NewRequest]
; Change to your country code, company name and common name
Subject = "C=US, O=Acme Safe Co, CN=xyzabc.com"
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
; Exportable = TRUE allows the private key to be exported later; set FALSE to prevent export
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
; 0xa0 = digital signature + key encipherment
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication / Token Signing


Then run:

c:\>certreq -new request.inf request.csr

This will generate your CSR. When your certificate is issued you’ll receive a file called xyzabc.com.cer. Save it on the server and from the same directory run:

C:\>certreq -accept xyzabc.com.cer

This will install the cert in the Windows certificate store and it will be available in IIS, MMC, Exchange, LDAP/Active Directory, Terminal Services etc…


Basically, the root cause of a permission problem in either IIS or ASP.NET appears to be a failed authentication. Both Internet Information Services (IIS) and ASP.NET provide several authentication schemes; I have listed them here on the basis of IIS.

IIS provides a variety of authentication schemes:

    * Anonymous (enabled by default)
    * Basic
    * Digest
    * Integrated Windows authentication (enabled by default)
    * Client Certificate Mapping


 Anonymous authentication gives
users access to the public areas of your Web site without prompting them for a
user name or password. Although listed as an authentication scheme, it is not
technically performing any client authentication because the client is not
required to supply any credentials. Instead, IIS provides stored credentials to
Windows using a special user account, IUSR_machinename. By default, IIS
controls the password for this account. Whether or not IIS controls the
password affects the permissions the anonymous user has. When IIS controls the
password, a subauthentication DLL (iissuba.dll) authenticates the user using a
network logon. The function of this DLL is to validate the password supplied by
IIS and to inform Windows that the password is valid, thereby authenticating
the client. However, it does not actually provide a password to Windows. When
IIS does not control the password, IIS calls the LogonUser() API in Windows and
provides the account name, password and domain name to log on the user using a
local logon. After the logon, IIS caches the security token and impersonates
the account. A local logon makes it possible for the anonymous user to access
network resources, whereas a network logon does not.


 IIS implements Basic
authentication, which is part of the HTTP 1.0 specification, using Windows user
accounts. When using Basic authentication, the browser prompts the user for a
user name and password. This information is then transmitted across HTTP where
it is encoded using Base64 encoding. Although most Web servers, proxy servers,
and Web browsers support Basic authentication, it is inherently insecure.
Because it is easy to decode Base64 encoded data, Basic authentication is
essentially sending the password as plain text.

 The IIS metabase contains a
LogonMethod property to specify the logon method for clear-text logons such as
Basic authentication. By default, Basic authentication requires the Windows
user account to have local logon rights at the Web server. If you use the
default setting, IIS caches credentials during logon, which slows the logon
process. By specifying either network logon or network with cleartext logon,
IIS does not cache credentials at logon, which expedites the logon process. A
local logon makes it possible for the user to access network resources, whereas
a network logon does not. However, a network with cleartext logon makes it
possible for the user to access network resources.


 Digest authentication addresses
the primary weaknesses of basic authentication: sending passwords in plain
text. Digest authentication is a challenge/response mechanism, which sends a
digest (also known as a hash) instead of a password over the network. A digest
is a fixed-size result obtained by applying a mathematical function (called a
hash function or digest algorithm) to an arbitrary amount of data. The
fixed-size depends upon the level of encryption. For example, if a 128-bit
digest consisted of 32 ASCII characters, a 40-bit digest would consist of 10
ASCII characters.
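
The difference between the Basic and Digest schemes described above, as an added example (not code from the original post): the first function reverses a Basic header back to the password, while the Digest functions compute the response defined in RFC 2617, so only a 32-character MD5 digest crosses the wire. The header values are the sample credentials published in RFC 2617, not values from this page or from IIS.

```python
import base64
import hashlib
import hmac

# Constructed sample values: the example credentials published in RFC 2617.
BASIC_HEADER = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
DIGEST_FIELDS = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

def decode_basic(header_value):
    """Recover (user, password) from a Basic Authorization header value."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("decoded value has no user:password separator")
    return user, password

def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(password, method, f):
    """Compute the RFC 2617 qop=auth response for the fields in f."""
    ha1 = _md5_hex(f"{f['username']}:{f['realm']}:{password}")
    ha2 = _md5_hex(f"{method}:{f['uri']}")
    return _md5_hex(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}")

def server_accepts(stored_password, method, f):
    """Server side: recompute the digest and compare in constant time."""
    expected = digest_response(stored_password, method, f)
    return hmac.compare_digest(expected, f["response"])

if __name__ == "__main__":
    print("Basic header decodes to:", decode_basic(BASIC_HEADER))
    print("Digest response on the wire:", DIGEST_FIELDS["response"])
    print("Right password accepted:", server_accepts("Circle Of Life", "GET", DIGEST_FIELDS))
    print("Wrong password accepted:", server_accepts("circle of life", "GET", DIGEST_FIELDS))
```

Anyone who can read the traffic can run the first function, which is why Basic authentication is only acceptable over an encrypted channel; the Digest check succeeds without the password ever being transmitted.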

 Integrated Windows Authentication

 Integrated Windows authentication
(formerly known as NTLM authentication and Windows NT Challenge/Response
authentication) can use either NTLM or Kerberos V5 authentication and only
works with Internet Explorer 2.0 and later.

 When Internet Explorer attempts
to access a protected resource, IIS sends two WWW-Authenticate headers,
Negotiate and NTLM.

     * If Internet Explorer recognizes the Negotiate header, it will
choose it because it is listed first. When using Negotiate, the browser will
return information for both NTLM and Kerberos. At the server, IIS will use
Kerberos if both the client (Internet Explorer 5.0 and later) and server (IIS
5.0 and later) are running Windows 2000 and later, and both are members of the
same domain or trusted domains. Otherwise, the server will default to using

    * If Internet Explorer does not understand Negotiate, it will
use NTLM.

 So, which mechanism is used
depends upon a negotiation between Internet Explorer and IIS.

 When used in conjunction with
Kerberos v5 authentication, IIS can delegate security credentials among
computers running Windows 2000 and later that are trusted and configured for
delegation. Delegation enables remote access of resources on behalf of the
delegated user.

 Client Certificate Mapping

 A certificate is a digitally
signed statement that contains information about an entity and the entity’s
public key, thus binding these two pieces of information together. A trusted
organization (or entity) called a Certification Authority (CA) issues a certificate
after the CA verifies that the entity is who it says it is. Certificates can
contain different types of data. For example, an X.509 certificate includes the
format of the certificate, the serial number of the certificate, the algorithm
used to sign the certificate, the name of the CA that issued the certificate,
the name and public key of the entity requesting the certificate, and the CA’s
signature. X.509 client certificates simplify authentication for larger user
bases because they do not rely on a centralized account database. You can
verify a certificate simply by examining the certificate. For more information,
see Microsoft Windows 2000 Public Key Infrastructure.

 Operating systems such as Windows
still require the notion of a user account. Certificate mapping makes it
possible for administrators to associate a single certificate (one-to-one
mapping), or multiple certificates (many-to-one), to a user account.
Many-to-one mapping uses rules to define certificate criteria for mapping. For
more information, see Mapping Client Certificates to User Accounts in the IIS


About Me :)

Hi All –

It’s my pleasure to share all my technical stuff with you here. I am a Windows technical support engineer, and it’s my privilege to write in a Microsoft blog. Keep your comments coming here.
