Process Monitor 2.8: "Free utility Process Monitor logs absolutely every tiny event that happens on your computer; the key to using it is filtering the signal from the noise.
"Saturday, February 27, 2010
Friday, February 26, 2010
Mac 101: Navigating OS X with your keyboard
Mac 101: Navigating OS X with your keyboard: "
Filed under: OS, Leopard, Mac 101, Snow Leopard
Let's face it: unless you're just casually surfing the Internet or playing a game, chances are pretty good that your hands are on the keyboard most of the time when you're at the computer. Sure, the mouse is only a few inches away, but wouldn't it just be easier if you didn't have to keep going back and forth from the mouse to the keyboard?Enter the world of keyboard shortcuts. A keyboard shortcut is exactly what the name implies: a way of using the keys on your keyboard to quickly perform tasks that typically would require multiple steps using a mouse. Before we dive in to the magic keystrokes, let's take a quick look at how shortcuts work on the Mac.
Most keyboards have a number of special keys in the bottom corners that look and work differently from the other keys. These keys are called 'modifier keys', because they change (or modify) the behavior of any keys that are pressed while the modifier key is held down. A good example of this is the shift key, which causes letters to appear in uppercase as they are typed. Although the shift key is commonly found on everything from typewriters to telephones, the other keys that are available depend on the keyboard you have and what kind of computer it is plugged in to. But just like the shift key, you use them by holding down the modifier key, pressing another key, then letting go of both keys.
On a Mac, the most commonly used modifier key is the Command key, which is just to the left of the space bar, and can be identified by a clover-like icon on the key. The most commonly used shortcuts in OS X make use of the Command key. For example, in most applications, pressing Command-S will save the document you have open, while Command-O will show the open dialog so you can open another document. Less common tasks make use of the other modifier keys, such as the Option and Control keys, and some even use more than one at a time (such as Command-Shift-S to show the Save As dialog instead of just saving the document).
If you're switching from using a PC, and you're familiar with keyboard shortcuts in Windows, you will find that many of the common shortcuts are similar, but it might take some time to train your muscle memory to find the Command key as it is in roughly the same spot as the Alt key on most PC keyboards.
One last thing that's important to know about keystrokes is exactly where they will work, or their 'scope'. There are a handful of shortcuts built in to OS X that have a global scope, meaning they will work pretty much anywhere, at any time, from any application. Here are some of my favorites:
Global OS X Keyboard Shortcuts
- Command+Tab - This is handy for switching between applications. Hold down Command and press the Tab key repeatedly to cycle through all of the running applications. You can also use the ` key (while still holding down the Command key) to go through the list of applications in reverse.
- Command+Space Bar - This will pop open the Spotlight search box so you can do a quick search. This can also double as a quick way to open applications without a mouse -- just type in an application, and hit enter when it shows up in the Spotlight search results.
- Command+H - Hide the current application. I use this to get rid of my e-mail window when I'm finished with it. You can get back to it by using Command+Tab as mentioned above, or clicking the icon in the dock.
- Command+Option+H - Hide all other applications (but the current one). This is really useful if you have a lot of windows open and want to focus on just one of them, or if you just want to reduce screen clutter.
- F8 through F12 - These keys toggle Spaces, Expose`, and Dashboard. On newer Macs, you might need to hold down the fn key as well.
Common Application Shortcuts
Besides the global shortcuts, there are several shortcuts that are standard across most applications, allowing you to quickly perform common tasks without having to guess what the keystroke might be:
- Command+X, Command+C, & Command-V - Cut, copy and paste. I know, they aren't easy to remember by the letters, but somewhere along the line that became the standard.
- Command-N - Open a new file, or sometimes a new window, depending on the application.
- Command-O - Show the open file dialog
- Command-S - Save the current document
- Command-W - Close the current window or tab
- Command-Q - Quit the current application
These are just the tip of the iceberg -- there are dozens of shortcuts covering everything from inverting your screen colors for high-contrast visibility to shutting down your Mac after a long day's work. If you're a power user who wants to do more with your keyboard, stay tuned -- we'll be covering more advanced keystrokes in the near future.
TUAWMac 101: Navigating OS X with your keyboard originally appeared on The Unofficial Apple Weblog (TUAW) on Fri, 26 Feb 2010 10:00:00 EST. Please see our terms for use of feeds.
Windows - Keyboard - Keyboard shortcut - Apple - Alt key"
Process Explorer 11
Process Explorer 11: "The free Process Explorer utility does everything Windows' Task Manager does and more, and it does a better job.
"Thursday, February 25, 2010
Add Volumes for mount at login directly on OS X Server Mac
Add Volumes for mount at login directly on OS X Server Mac: "Today I needed to use Workgroup Manager to add a Login Item that Mounts an afp Volume. Apple provides no instructions for doing this while logged in directly on the server; instead this task is done using Workgroup Manager on a client (see this Apple support document). I didn't have my MacBook with me at the time, nor did I want to install the Server Admin Tools on another machine just for this one task.
The solution is:
- Open Safari and enter the URL in the form of afp://IP-address-OR-Server-name/Share Point
- Drag the favicon (next to the URL) onto the Desktop.
- Drag the favicon into the System Preferences » Login » Items section of Workgroup Manager.
- Click Apply Now.
Note that you do not need to add %20 to any white space when typing the URL in Safari; this will automatically be added when you drag the Favicon to the Desktop. Also, the colon and for...
"
(Via MacOSXHints.com.)
Wednesday, February 24, 2010
10.6: Remove passwords from edit-restricted PDFs
10.6: Remove passwords from edit-restricted PDFs: "Four years ago, I wrote a hint about how to remove a PDF password using ColorSync from those PDF files than you can view, but not copy or change. It did not apply to files that were encrypted with a password and could not be opened.
To my surprise, it has been one of the more popular hints, with over 112,000 hits. However, since Tiger, Apple has progressively tightened the PDF DRM, so that the hint does not work in Snow Leopard any more. There are several third party programs that will do it, but here's how to do it in Snow Leopard for free.
Note that this hint will not decrypt PDF files that cannot be opened without a password.
The following do not work: copying the old ColorSync from Tiger, ...
"
(Via MacOSXHints.com.)
10 things you should know about DirectAccess
10 things you should know about DirectAccess: "
DirectAccess is promising to take remote access to a new level. Here’s a look at what it offers and how it works.
DirectAccess is a new remote access technology that’s available with the combination of Windows Server 2008 R2 and Windows 7 Enterprise or Ultimate editions. DirectAccess promises to revolutionize the entire remote access experience so that employees can be productive from anywhere at any time, without the constraints of traditional remote access technologies, such as network-level VPNs, SSL VPN gateways, and reverse proxies. It provides a seamless experience for users and advanced management capabilities for IT. DirectAccess enables access from anywhere, even when the DirectAccess client system is behind a restrictive firewall.
Note: This article is also available as a PDF download.
1: You can extend your corporate network to any Internet-connected client
The goal of DirectAccess is to extend your corporate network’s reach to any DirectAccess client computer that’s connected to the Internet. A DirectAccess computer is a domain member, a managed computer that is subject to the same change management and control mechanisms as computers that never leave the physical boundaries of the corporate network. In addition to extending IT’s control over all managed computers, regardless of location, DirectAccess provides a seamless network access experience for users. They don’t have to remember one name for when they are on the corpnet and another name when they’re off the corpnet; that’s because they’re always on the corpnet.
When a DirectAccess client computer starts, it establishes the ‘infrastructure’ tunnel. This tunnel allows the DirectAccess client computer to connect to management and domain resources, such as domain controllers, DNS servers, and management servers. This tunnel is also bidirectional, so IT can initiate ‘manage out’ connections to the DirectAccess clients on the Internet, in the same way they can when connecting to hosts on the intranet.
After the user logs on, a second tunnel, called the ‘intranet tunnel,’ enables users to connect to corporate resources in the same way an intranet host connects to those resources. They can use FQDNs or single label names to connect to file servers, Web servers, database servers, mail servers, or any other kind of server, and they never need to reconfigure their applications when they’re off the network. The DirectAccess user is always on the corporate network, regardless of location.
2: You’ll need to meet these DirectAccess requirements
You must meet several requirements before starting a DirectAccess deployment. For starters, you need:
- At least one domain controller running Windows Server 2003 or above.
- An internal PKI to assign machine certificates to DirectAccess clients and the DirectAccess server.
- A private or public PKI to assign Web site certificates to the IP-HTTPS listener and the Network Location Server (discussed later).
And you’ll need to meet these additional requirements:
- The DirectAccess server must be Windows Server 2008 R2 Standard or Enterprise or higher.
- IPv6 must be enabled, and IPv6 transition technologies must also not be disabled.
- DirectAccess clients must run Windows 7 Enterprise or Ultimate edition.
- DirectAccess clients must be members of an Active Directory domain.
- A highly available Network Location Server (Web server) must be on the corpnet.
- If there are firewalls in front of or behind the DirectAccess server, packet filters must be enabled to allow the required traffic.
- The DirectAccess server must have two network interface adapters.
3: IPv6 is the cornerstone of DirectAccess communications
The DirectAccess client always uses IPv6 to communicate with the DirectAccess server. The DirectAccess server will then forward these connections to IPv6-enabled hosts on the corpnet. The corpnet can use native IPv6 infrastructure (where the routers, switches, operating systems, and applications are all IPv6 capable) or it can use IPv6 transition technologies to connect to IPv6 resources on the corpnet.
The DirectAccess server can use ISATAP (Intra-site Automatic Tunnel Addressing Protocol) to tunnel IPv6 packets inside IPv4 headers, which can then take advantage of your IPv4 routing infrastructure to move IPv6 packets throughout your network. DirectAccess clients connected to the IPv4 Internet can use a number of IPv6 transition technologies to connect to the DirectAccess server, including 6to4, Teredo, and IP-HTTPS.
4: IPSec secures communications from end to edge and end to end
Since corpnet communications between the DirectAccess client and server are moving over a public Internet, it’s important that the communications be secured from interception and tampering. DirectAccess uses IPsec to secure the communications between the DirectAccess client and server. IPsec tunnel mode is used to establish both the infrastructure and intranet tunnels. In addition, you can configure DirectAccess to require end-to-end encryption between the DirectAccess client and destination server on the corpnet to use IPsec transport mode, so that the connection is encrypted from the client to its destination. DirectAccess also takes advantage of the new AuthIP feature that was initially introduced with Vista and Windows Server 2008, so that connections can be authenticated via user or computer credentials instead of just computer certificates.
5: Client applications must be IPv6 aware
While the goal is to provide a computing experience that is the same as the corpnet-connected client, there is one major difference between the corpnet client and the DirectAccess client: The DirectAccess client must use and always uses IPv6 to connect to the DirectAccess server. That means that the client application on the DirectAccess client must be IPv6 aware. If the client application is not IPv6 aware (for example, the current OCS client), the connection will fail. This is true even if you use an IPv6 to IPv4 translator, which enables DirectAccess clients to connect to IPv4 servers on the corpnet.
6: Active Directory and Group Policy make it work
A number of configuration changes are made to the DirectAccess server and DirectAccess client to make the solution work. To make these changes in the most efficient manner, the DirectAccess solution takes advantage of Active Directory and Active Directory Group Policy objects. The GPO is assigned to the DirectAccess server and DirectAccess clients. In addition, Active Directory is required for authentication. The infrastructure tunnel uses NTLMv2 authentication for the computer account connecting to the DirectAccess server, and that computer account must be part of an Active Directory domain. The intranet tunnel uses Kerberos authentication for the logged-on user to create the second tunnel.
Although Active Directory and GPOs are required, the DirectAccess server does not need to be a member of the resource domain. As long as there is a two-way trust between the DirectAccess server domain and the resource domains/forests, the solution will work.
7: Network Location Servers let DirectAccess clients know when they’re on the corpnet
DirectAccess is designed to work automatically and in the background. The user should never have to do anything to ‘turn on’ the DirectAccess connection. All the user needs to do is turn on the computer. In fact, the user doesn’t even need to log on! Before the user logs on, the infrastructure tunnel is automatically established, and the DirectAccess client’s agents can connect to their management servers to obtain updates, desired configuration information, security configuration settings, and anything else that IT needs to do to make sure that the DirectAccess client remains in compliance with network configuration and security policies.
To make this process transparent, there must be a mechanism where the DirectAccess client components know when to turn themselves off and on. This is where the Network Location Server comes in. The Network Location Server (NLS) is a Web server that allows incoming SSL connections. You can allow anonymous or integrated authentication to the NLS server. When the DirectAccess client connects to the NLS, it knows it’s on the corpnet, and it turns off the DirectAccess client components. If the DirectAccess client can’t contact the NLS server, it knows that it’s off the corpnet, and it automatically turns on the DirectAccess client components to establish the IPsec tunnels to the DirectAccess server over the Internet. The DirectAccess client does do a check on the Certificate Revocation List for the NLS Web server certificate, so the CRL must be available. Otherwise, the connection to the NLS SSL Web site will fail, and the intranet detection process will fail.
8: Certificates, certificates, certificates!
Certificates are used in a number of places in the DirectAccess client/server solution. Places where you’ll see certificates include:
- DirectAccess client computers. Each DirectAccess client needs a computer certificate to establish the IPsec connections to the DirectAccess server. These are used to create the IPsec connections and are also used by IP-HTTPS, where the DirectAccess server will perform a certificate validation of the computer certificate before allowing the IP-HTTPS connection over the Internet. Computer certificates are best assigned using Microsoft Certificate Server and Group Policy based computer certificate auto-enrollment.
- The IP-HTTPS listener on the DirectAccess Server. IP-HTTPS is an IPv6 transition technology used to tunnel IPv6 packets over the IPv4 Internet. This protocol was designed by Microsoft to enable the DirectAccess client to connect to the DirectAccess server, even if the DirectAccess client is located behind a firewall that allows only outbound HTTP/HTTPS connections or it’s behind a Web proxy server. The IP-HTTPS listener requires a Web site certificate, and the DirectAccess client must be able to contact the server hosting the CRL for the certificate. If the CRL check fails, the IP-HTTPS connection will fail. Commercial certificates are best for the IP-HTTPS listener, since their CRLs are globally available.
- DirectAccess servers. The DirectAccess server hosts the IP-HTTPS Web site certificate, but it also requires a computer certificate to establish the IPsec connections with the DirectAccess clients.
9: Name Resolution Policy Table provides policy-based DNS queries
The DirectAccess client uses the Name Resolution Policy Table (NRPT) to determine which DNS server to use to resolve names. When the DirectAccess client is on the corpnet, the NRPT is turned off. When the DirectAccess client detects that it is on the Internet, the DirectAccess client turns on the NRPT and checks its entries to see which DNS server it should use to connect to a resource. You put your internal domain names and possible servers on the NRPT and configure it to use an internal DNS server to resolve names.
When the DirectAccess client on the Internet needs to connect to a resource using a FQDN, it checks the NRPT. If the name is on it, the query is sent to an intranet DNS server. If the name is not on the NRPT, the DirectAccess client sends the query to the DNS server configured on its NIC, which is an Internet DNS server. The name of the NLS server is also placed on the NRPT, but it’s included as an exemption — meaning that the DirectAccess client should never use an intranet server to resolve the name of the NLS server. So the DirectAccess client on the Internet will never be able to resolve the name of the NLS server and thus will know that it is on the Internet and will turn on its DirectAccess client components. Even more important, when it connects to the corpnet over the DirectAccess connection, it doesn’t think that it’s connected to the corpnet by resolving the name of the NLS server.
10: DirectAccess enables ‘manage out’ capabilities
As already mentioned, IT can take advantage of the ‘manage out’ capabilities enabled by the infrastructure tunnel to connect to DirectAccess clients on the Internet. However, you will need to configure Firewall Rules in the Windows Firewall with Advanced Security (WFAS) to allow these connections for Teredo clients. When you create these rules, make sure that they have Edge Traversal turned on for the Firewall Rule. DirectAccess clients are Teredo clients when they are located behind a NAT device to connect to the Internet and the DirectAccess server, and the NAT device allows UDP port 3544 outbound.
Check out 10 Things… the newsletter
Get the key facts on a wide range of technologies, techniques, strategies, and skills with the help of the concise need-to-know lists featured in TechRepublic’s 10 Things newsletter, delivered every Friday. Automatically sign up today.
"
(Via 10 Things.)
How to use 'cp' as a simple but reliable backup tool
How to use 'cp' as a simple but reliable backup tool: "While looking for the perfect product to keep my photos safe, I discovered that sometimes simple is best. My requirements were simple: ensure that all my digital photos, stored on a locally attached USB drive, were duplicated to another drive attached to my AirPort Extreme. My photos are in RAW format (specifically DNG files) and will never change, so I only need to concern myself with new files.
I checked out numerous commercial and free products for backup, synchronizing and more, and nothing quite fit the bill. Whilst rsync could probably do the job, I couldn't get my head around the terminology to be sure I wasn't risking the original files. Then I discovered the solution. So mind-bogglingly simple, and no third-party software required. In Terminal, I run this command:
cp -npRv '/Volumes/LocalUSB/Photos/' '/Volumes/RemoteUSB/Photos/'
Yes, it is the standard Unix copy (cp) command with a few options:
"
(Via MacOSXHints.com.)