Install Greenbone Vulnerability Manager 20.08 on Ubuntu 20.04

Thanks to for the original article. The instructions below are a tweaked version of them that contains error corrections and changes for Ubuntu (versus Debian 10).

Before Beginning


This is assuming a new fresh Ubuntu Server 20.04 image. Nothing additionally is installed except SSH server. The instructions will have you switch between a couple users, so to make things easier it’s recommended to have 2 SSH sessions open to the machine.


Greenbone limits connections to their services. If you have a firewall and NAT it can be tricky to get everything downloaded from them. You will need TCP port 873 open from the machine to Greenbone to allow the scripts to work. It is also recommend to put a timeout on the firewall rule if it’s supported, something like 60 seconds (The higher the easier it is on their services, try not to flood their server with requests). Too much activity from your IP will get it temporarily banned.

Install Prerequisites

Note: This will change your current session to root.

sudo su -
apt update &&\
apt -y dist-upgrade &&\
apt -y autoremove &&\
apt install -y software-properties-common &&\
apt install -y build-essential cmake pkg-config libglib2.0-dev libgpgme-dev libgnutls28-dev uuid-dev libssh-gcrypt-dev libldap2-dev doxygen graphviz libradcli-dev libhiredis-dev libpcap-dev bison libksba-dev libsnmp-dev gcc-mingw-w64 heimdal-dev libpopt-dev xmltoman redis-server xsltproc libical-dev postgresql postgresql-contrib postgresql-server-dev-all gnutls-bin nmap rpm nsis curl wget fakeroot gnupg sshpass socat snmp smbclient libmicrohttpd-dev libxml2-dev python3-polib gettext rsync xml-twig-tools python3-paramiko python3-lxml python3-defusedxml python3-pip python3-psutil python3-impacket virtualenv vim git &&\
apt install -y texlive-latex-extra --no-install-recommends &&\
apt install -y texlive-fonts-recommended &&\
curl -sS | apt-key add - &&\
echo "deb stable main" | tee /etc/apt/sources.list.d/yarn.list &&\
apt update &&\
apt -y install yarn &&\
yarn install &&\
yarn upgrade

Create the GVM User

echo 'export PATH="$PATH:/opt/gvm/bin:/opt/gvm/sbin:/opt/gvm/.local/bin"' | tee -a /etc/profile.d/ &&\
chmod 0755 /etc/profile.d/ &&\
source /etc/profile.d/ &&\
bash -c 'cat << EOF > /etc/
# gmv libs location
mkdir /opt/gvm &&\
adduser gvm --disabled-password --home /opt/gvm/ --no-create-home --gecos '' &&\
usermod -aG redis gvm &&\
chown gvm:gvm /opt/gvm/

Here is it recommended to create another session to the machine so that this root session can stay in tact as there will be some back and forth. From now on the headers will be marked with the session user to execute them as.

sudo su - gvm

Download and Install Software (GVM)

mkdir src &&\
cd src &&\
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH
git clone -b gvm-libs-20.08 --single-branch &&\
git clone -b openvas-20.08 --single-branch &&\
git clone -b gvmd-20.08 --single-branch &&\
git clone -b master --single-branch &&\
git clone -b gsa-20.08 --single-branch &&\
git clone -b ospd-openvas-20.08 --single-branch &&\
git clone -b ospd-20.08 --single-branch

Install gvm-libs (GVM)

cd gvm-libs &&\
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH &&\
mkdir build &&\
cd build &&\
cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. &&\
make &&\
make doc &&\
make install &&\
cd /opt/gvm/src

Install openvas-smb (GVM)

cd openvas-smb &&\
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH &&\
mkdir build &&\
cd build/ &&\
cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. &&\
make &&\
make install &&\
cd /opt/gvm/src

Install the scanner (GVM)

cd openvas &&\
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH &&\
mkdir build &&\
cd build/ &&\
cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. &&\
make &&\
make doc &&\
make install &&\
cd /opt/gvm/src

Fix redis for OpenVAS Install (root)

If you are only in one session, remember to exit to get back to root, otherwise switch to the root session.

export LC_ALL="C" &&\
ldconfig &&\
cp /etc/redis/redis.conf /etc/redis/redis.orig &&\
cp /opt/gvm/src/openvas/config/redis-openvas.conf /etc/redis/ &&\
chown redis:redis /etc/redis/redis-openvas.conf &&\
echo "db_address = /run/redis-openvas/redis.sock" > /opt/gvm/etc/openvas/openvas.conf &&\
systemctl enable redis-server@openvas.service &&\
systemctl start redis-server@openvas.service
sysctl -w net.core.somaxconn=1024 &&\
sysctl vm.overcommit_memory=1 &&\
echo "net.core.somaxconn=1024"  >> /etc/sysctl.conf &&\
echo "vm.overcommit_memory=1" >> /etc/sysctl.conf
cat << EOF > /etc/systemd/system/disable-thp.service
Description=Disable Transparent Huge Pages (THP)

ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"

systemctl daemon-reload &&\
systemctl start disable-thp &&\
systemctl enable disable-thp &&\
systemctl restart redis-server

Add the /opt/gvm/sbin path to the secure_path variable:

sed 's/Defaults\s.*secure_path=\"\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/snap\/bin\"/Defaults secure_path=\"\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/snap\/bin:\/opt\/gvm\/sbin\"/g' /etc/sudoers | EDITOR='tee' visudo

Allow the user running ospd-openvas to launch with root permissions:

echo "gvm ALL = NOPASSWD: /opt/gvm/sbin/openvas" > /etc/sudoers.d/gvm
echo "gvm ALL = NOPASSWD: /opt/gvm/sbin/gsad" >> /etc/sudoers.d/gvm

Update NVT (GVM)

Make sure to switch back to the GVM session, or run sudo su – gvm to get back to the GVM user (one command at a time).



If you get timeout errors, most likely there is a firewall in the way. Make sure to open TCP port 873. If you get connection refused errors, wait some time and try again. Most likely you have a connection to their server that is still open. It is recommended to put a connection timeout in the port forward in the firewall if supported.

This is a VERY long process and downloads over 50,000 (!!!!) files. This is a good time to get lunch, get coffee, or go for a walk. I had to run the script a couple times as I ended up getting connection refused errors after 60,000 files.

Make sure when you run the command again that there are no more downloads and no more errors.

Upload Plugins in redis with OpenVAS (GVM)

This may take a little time depending on hardware, and gives you no feedback when you run the command.

sudo openvas -u

Install Manager (GVM)

cd gvmd &&\
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH &&\
mkdir build &&\
cd build/ &&\
cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. &&\
make &&\
make doc &&\
make install &&\
cd /opt/gvm/src

Configure PostgreSQL (Sudoers User)

Switch to a user in sudoers (do not use root or gvm for this). The user created during install will work here. Execute one line at a time.

sudo -u postgres bash
export LC_ALL="C"
createuser -DRS gvm
createdb -O gvm gvmd

psql gvmd
create role dba with superuser noinherit;
grant dba to gvm;
create extension "uuid-ossp";
create extension "pgcrypto";

Fix Certificates (GVM)

Don’t forget to switch back to the GVM session or switch back to the GVM user. (sudo su – gvm)

gvm-manage-certs -a

Create Admin User (GVM)

Warning! This creates a user with a very bad password for initial setup/scan. Remember to change this later!

gvmd --create-user=admin --password=admin

Configure and Update Feeds (GVM)

For the feeds to update completely, we will need to set “Feed Import Owner” to the admin’s UUID. First, find the UUID of the new admin user

gvmd --get-users --verbose

You will get a long string of letters and numbers next to “admin”. Use this string in the next command.

gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value <string from above command>
gvm@server:/opt/gvm/src$ gvmd --get-users --verbose
admin 6f9e52bf-fb3d-4c56-9fe0-d3cb25497e1a
gvm@server:/opt/gvm/src$ gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value 6f9e52bf-fb3d-4c56-9fe0-d3cb25497e1a

Run the next 3 commands one line at a time. As above, you may get connection refused errors. Just try the command again until it succeeds (but try not to flood with requests). These commands will also take some time (SCAP seems to be the biggest). Time for another coffee break.

greenbone-feed-sync --type GVMD_DATA
greenbone-feed-sync --type SCAP
greenbone-feed-sync --type CERT

Install gsa (GVM)

cd gsa &&\
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH &&\
mkdir build &&\
cd build/ &&\
cmake -DCMAKE_INSTALL_PREFIX=/opt/gvm .. &&\
make &&\
make doc &&\
make install &&\
touch /opt/gvm/var/log/gvm/gsad.log &&\
cd /opt/gvm/src

Set up OSPD-OpenVAS

Install the virtualenv (GVM)

Note: You may have to change –python python3.8 to match your installed python version.

cd /opt/gvm/src &&\
export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH &&\
virtualenv --python python3.8  /opt/gvm/bin/ospd-scanner/ &&\
source /opt/gvm/bin/ospd-scanner/bin/activate

Install ospd (GVM)

mkdir /opt/gvm/var/run/ospd/ &&\
cd ospd &&\
pip3 install . &&\
cd /opt/gvm/src

Install ospd-openvas (GVM)

cd ospd-openvas &&\
pip3 install . &&\
cd /opt/gvm/src

Create Startup Scripts (root)

cat << EOF > /etc/systemd/system/gvmd.service
Description=Open Vulnerability Assessment System Manager Daemon
Wants=postgresql.service ospd-openvas.service
After=postgresql.service ospd-openvas.service

ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd.sock
ExecReload=/bin/kill -HUP $MAINPID

cat << EOF > /etc/systemd/system/gsad.service
Description=Greenbone Security Assistant (gsad)

ExecStart=/opt/gvm/sbin/gsad --drop-privileges=gvm

cat << EOF > /etc/systemd/system/ospd-openvas.service 
Description=Job that runs the ospd-openvas daemon
Documentation=man:gvm redis-server@openvas.service

ExecStart=/opt/gvm/bin/ospd-scanner/bin/python /opt/gvm/bin/ospd-scanner/bin/ospd-openvas --pid-file /opt/gvm/var/run/ --unix-socket=/opt/gvm/var/run/ospd.sock --log-file /opt/gvm/var/log/gvm/ospd-scanner.log --lock-file-dir /opt/gvm/var/run/ospd/


Enable and Start the services (root)

systemctl daemon-reload &&\
systemctl enable gvmd &&\
systemctl enable gsad &&\
systemctl enable ospd-openvas &&\
systemctl start gvmd &&\
systemctl start gsad &&\
systemctl start ospd-openvas

Check the services (root)

Make sure all 3 are running.

systemctl status gvmd
systemctl status gsad
systemctl status ospd-openvas

Modify Default Scanner (GVM)

Remember to switch back to your GVM session or GVM user.

First get the UUID of the scanner that has the socket (ospd.sock)

gvmd --get-scanners

Then modify the scanner:

gvmd --modify-scanner=<UUID> --scanner-host=/opt/gvm/var/run/ospd.sock
(ospd-scanner) gvm@server:/opt/gvm/src$ gvmd --get-scanners
08b79033-5fc2-4047-a489-93b340221d73  OpenVAS  /var/run/ospd/ospd.sock  0  OpenVAS Default
6acd0832-df90-11e4-b9d5-28d24461215b  CVE    0  CVE
(ospd-scanner) gvm@server:/opt/gvm/src$ gvmd --modify-scanner=08b79033-5fc2-4047-a489-93b340221d73 --scanner-host=/opt/gvm/var/run/ospd.sock
Scanner modified.

Log in!

If you got this far with no errors, congratulations! Now you can log in with a browser with your server’s IP address (https://123.456.789) and try it out. The default login is admin/admin as set above. Remember to change that!

Change Admin Password

To change the admin account password (or whatever the username is):

sudo su - gvm
cd /opt/gvm/sbin
./gvmd --user=admin --new-password=YourLongStrongPasswordHere

Using USB PCI Cards in Mac OS 9.1/9.2

These instructions are intended for machines that have had a PCI USB card installed after Mac OS installation has occurred, or one running 9.2 without built-in USB ports. The extensions that come with 9.2 have a bug, causing them to not work on Macs without built-in USB. The card and devices plugged into it will appear in System Profiler but will not function, and do not disappear until the machine is restarted.

Picture 1

In 9.1 you could also run the installer again, select Add/Remove, and add in USB Adapter Card Support. This is located in Mac OS 9.1>Network & Connectivity when doing a customized installation.


You will need

  • A Macintosh with a working Mac OS 9.1 or 9.2 installation (See note 1 for prior versions)
  • One PCI USB Card that’s OHCI compliant, installed in the Mac. The vast majority of PCI USB 1.1/2.0 cards support OHCI.
    • Theoretically any OHCI-compliant card will work, but certain configurations are problematic (See note 2)
    • Note that a USB2.0 card will not work at 2.0 speeds as OS8/9 do not support EHCI
  • Mac OS 9.1, either a retail CDROM or the 9.1 update
  • TomeViewer


  1. Insert your OS 9.1 disc or extract the 9.1 update and open the “Installation Tome” filePicture 2
    1. This is located in Software Installers/System Software/Mac OS 9.1
  2. Extract these files from the tome, placing them on your desktop.Picture 3
    1. HID Library
    2. Serial ShimLib
    3. USB Device Extension
    4. USB Mass Storage Support
    5. USB Software Locator
    6. USB Support
  3. Skip to step 4 unless you’re running 9.2. You’ll need to remove the preinstalled versions of these files from your Extensions folder (in your System Folder.) Create a folder on your desktop and place them inside.
  4. Drag the files you extracted onto the System Folder. You should receive a dialog box asking you to confirm placing them in the Extensions folder, click OK. Alternatively you can place the files directly in the Extensions folder.
  5. Reboot. USB should now be working. You may trash the extensions you removed (if on 9.2)Picture 7


  1. Apple provided USB Adapter Card Support 1.4.1 as a separate installer for 8.6-9.0. You may still be able to use the versions extracted from 9.1, however.
  2. All OHCI cards are supposed to work.
    1. I’ve had the best luck with NEC, Lucent, and OPTi-based cards. I’d stay away from VIA
    2. I could not get any USB 2.0 cards to function in a PowerMac 6500. I suspect this might have something to do with PCI 2.2, but I’m not sure. Please comment with your results.


Booting Alternative Images from WDS using PXELinux


You will need:


Extract these files from into a temporary folder

  • /core/pxelinux.0 and rename it to
  • /com32/menu/vesamenu.c32
  • /com32/chain/chain.c32
  • /memdisk/memdisk (If you want to be able to load raw floppy images and/or ISOs)

File Installation

From here on out, RemoteInstall will refer to the “Remote Installation Folder” you chose during initial setup of WDS

  1. Copy the above files into \RemoteInstall\Boot\x86
  2. In the x86 folder, make a copy of and name it abortpxe.0
  3. Also make a copy of pxeboot.n12 and rename it to pxeboot.0
    • We make copies of these files because pxelinux is picky about file extensions.
  4. Repeat steps 1-3 in the \RemoteInstall\Boot\x64 directory

The x86 and x64 directories should now have the highlighted files in them.


Initial Configuration

We can make configuration files and a folder for images in either architecture directory, but then we’d be using double the space for storing boot images and we’d have to edit our configuration twice. Instead, we’ll use junctions (symlinks.)

  1. Create the folder \RemoteInstall\Boot\pxelinux.cfg
    • Note that it’s a folder named “pxelinux.cfg” and not a file
  2. Now create the junction. For this you’ll need to open a command window in the x86 directory and run
    • mklink /J pxelinux.cfg E:\RemoteInstall\Boot\pxelinux.cfg
      1. To get a command window in the x86 directory you can hold shift and right click in the directory and click “Open command window here…”
  1. Repeat step 2 but in the x64 directory instead
  2. Make a plaintext file called “default” in \RemoteInstall\Boot\pxelinux.cfg\ and place this sample configuration in it. Make sure there is no file extension.
DEFAULT      vesamenu.c32
 PROMPT       0
 # Timeout in units of 1/10 s
 MENU COLOR BORDER 30;44		#20ffffff #00000000 none
 MENU COLOR SCROLLBAR 30;44		#20ffffff #00000000 none
 MENU COLOR TITLE 0 		#ffffffff #00000000 none
 MENU COLOR SEL   30;47		#40000000 #20ffffff
 #MENU BACKGROUND MyMenuBackgroundPicture640x480.jpg
 LABEL wds
 MENU LABEL Windows Deployment Services
 KERNEL pxeboot.0
 LABEL Abort
 Kernel	abortpxe.0
 LABEL local 
 MENU LABEL Boot from Harddisk
 Type 0x80
  1. You should be able to see this file when browsing to either \RemoteInstall\Boot\x86\pxelinux.cfg or \RemoteInstall\Boot\x64\pxelinux.cfg
    • If not, check your junctions
  2. Create a folder to store your boot images in
    • I used \RemoteInstall\Images\Linux
  3. Make junctions in each folder like before
    • mklink /J Linux E:\RemoteInstall\Images\Linux
      1. The junctions should appear like this


  1. Now that everything is in place we need to change WDS’s default boot images to pxelinux. To do this we’ll run the following commands from an Administrator command prompt
wdsutil /set-server /bootprogram:boot\x86\ /architecture:x86
wdsutil /set-server /N12bootprogram:boot\x86\ /architecture:x86
wdsutil /set-server /bootprogram:boot\x64\ /architecture:x64
wdsutil /set-server /N12bootprogram:boot\x64\ /architecture:x64


At this point you can attempt to boot from the server. You should get the Pxelinux menu; selecting Windows Deployment Services should bring up the WDS menu. If this isn’t the case, go back and make sure all steps have been completed.



We’ll add memtest86+ and an ISO file to the server as an example. The PXELINUX wiki has some more information about other clients here.


You’ll need to grab the latest pre-compiled bootable binary from and extract the bin file from it. Rename it to just “memtest86+” and place it in your Linux directory.

Add this to your pxelinux configuration, “#—“ separates menu items. LABEL must be unique for each item.

 LABEL memtest86+
 MENU LABEL Memtest86+ 5.01
 KERNEL /Linux/memtest86+

Attempt to boot memtest86+ by selecting it from the pxelinux menu.

  • Again, pxelinux can be picky about file extensions


ISO/floppy Image

Here I’m using partedmagic, but this should work with just about any ISO. See the memdisk documentation for more details.

Place your ISO or floppy image in the Linux directory. Since we’re using memdisk we don’t have to worry about the file extension. Here I’m using Partedmagic, the configuration will look something like this

 LABEL pmagic
 MENU LABEL Parted Magic 2013_08_01
 KERNEL memdisk
 INITRD /Linux/pmagic_2013_08_01.iso

If you’re using a floppy image you won’t include “APPEND iso”. Some Windows installation media also requires you add raw to the append line (APPEND iso raw).

Fixing Windows 10: Security, Privacy, Usability.

As part of my career, I have to keep up to date on these things, even if that means using a new unproven operating system. Also, as some have to use Windows for certain software and games like I do. I can only hope more and more developer studios start supporting Linux.

There are a lot of scare articles out there about Windows 10. It really depends on how big of a tin foil hat you want to wear. Yes, we don’t know exactly what data is being sent to Microsoft. No, we definitely should never trust Microsoft. Yes, we can do some basic things to tame the data transfer a little. What it boils down to is what your habits are. There are a lot of very simple things that have been known forever that can go a long way in protecting yourself. Things like using multiple strong passwords, protecting your information with encryption or off site storage (like on a NAS instead of locally), keeping your browsing history and cookies cleared, and other such basic security browsing habits.

Anyway, Windows 10 does have some problems out of the box. Apparently Microsoft thinks that everyone has a ton of bandwidth to share and nobody cares much about privacy or security at all. So here are a collection of things that I have found to really help make Windows 10 a little bit better. However, if you can stick with Windows 7 or 8.1, just do that for now. If you have upgraded, read on.

Before you get started thinking about what to enable or disable, take a second to understand exactly what kind of information there is to collect. If you search, everything you search is collected. If you ask for directions, that is collected. Is that a good thing or bad? That’s up to you. Do you care that the world knows your hobbies? Or do you care that everyone knows your porn tastes? Remember though, if you already do this in Google, that information is already out there. Think of these features you use as public information. That perhaps is what is the most alienating to people, other than everything being opt-out instead of opt-in. The idea that everything you do now is public. This is why we really have to get into better habits, and decide what is OK to share. Another important thing to keep in mind is that if the product is free, YOU are the product. Your tastes, your browsing habits, your searches are all up for grabs for advertising. This is true for Google, Facebook, and anything else that’s free.

See: Why You Should Care About and Defend Your Privacy

Some of this will turn off features you might want to use. If you’re OK with Cortana getting to know you really well, then go for it. Just remember that these are the settings that were changed. Yes, this “disables” Cortana (but not completely, Cortana still runs to enable Start menu searching). Yes, this disables apps knowing where you are. Start as secure as possible, and just keep in mind what information you are freely giving out to a corporation that couldn’t possibly care less about you and your safety, privacy, and security.

Most of this is written with Windows 10 Home edition in mind. Enterprise and Pro might vary.

Note: A lot of this could just be false security. There is nothing to say that changing the random sliders to no will actually turn off the feature. There is also rumblings that now some applications ignore the hosts file, so that one of my suggestions below could be useless. Unfortunately it’s not easy to tell what does and doesn’t work, as all communications to Microsoft are encrypted from your machine. At least we have our personal information securely flowing from our machines.

 My security mantra: Disable everything, re-enable as needed.

First, fix the bandwidth sharing problem. Change Windows Updates:

Windows 10, by default, for some unfathomable reason thinks that you should help out the good of everyone by sharing your bandwidth to help distribute Windows updates. I won’t even go into the security implications of this since that could be an entire scary article on it’s own. The biggest up front problem with this of course is Windows doesn’t have a clue that you are probably are either on a very bad connection, or a metered connection (Until you tell it). As most of us here in the U.S. are about 20 years behind the rest of the world in bandwidth connections, this is pretty surprising. Then again I guess every Microsoft employee can afford a very expensive high speed connection. The rest of us however, can’t.

Anyway, the VERY first thing to do is disable this “feature” and get your bandwidth back:

  1. Go to Start
  2. Click Settings
  3. Click Update & Security
  4. Click Windows Update on the left column if not there already
  5. Click “Advanced options” on the right
  6. Click “Choose how updates are delivered”
  7. Now, either turn this off completely (recommended), or select “PCs on my local network”. I don’t have any other Windows 10 machines on my network, so I turned it off completely.
  8. Go back to the main Settings panel
  9. Click System
  10. Click Offline maps on the left
  11. Turn off Map updates.

While I was installing Windows 10, I was playing a Youtube video on my laptop. As soon as Windows 10 was up and running the video started buffering wildly. As soon as this feature was disabled, the video started playing perfectly normally again.

Second, figure out how much privacy you want:

It disturbs me that more people aren’t up in arms about all this constant draining of anything that’s yours and personal. Sure, this OS version was free, but as far as I know, we never asked for it. We should never be guilt into sharing our data so they can customize ads for us or turn over all the data possible to the government and highest bidder. Anyway, that’s yet another full article to write. The summary of the below section is to turn it all off unless you want a specific feature. Otherwise, below describes what each setting does.

  1. Go to Start.
  2. Click Settings.
  3. Click Privacy.
    1. General
      1. Let apps use my advertising ID for experiences…
        1. This lets apps share your advertising profile, so that ads can be customized more to what you do in each app. I turned this off, because I don’t want to see ads period.
      2. Turn on SmartScreen Filter…
        1. This uses the same SmartScreen filter that is used to check to make sure URLs aren’t going to bad sites, but for Windows Store apps. I left this on.
      3. Send Microsoft info about how I write to help us…
        1. This directly tells Microsoft how your write and type. What this exactly means is unknown. The implications of this is also unknown. If this isn’t grayed out, I recommend setting this to off.
      4. Let websites provide locally relevant content by accessing my language list
        1. This is probably more for other languages than English so that websites can provide ads in your language. I use English, so I just left it off.
    2. Location
      1. The first button changes location capabilities for the OS. This means apps know basically where you are physically. This sounds scary, but the truth is your public IP address (the one you use to connect to the internet) already tells the world where you are. There is nothing you can really do about that, outside of fooling the OS into thinking you are somewhere else by using a VPN or proxy. Keep in mind though, this can and usually does significantly slows down the internet for you. This button is for the entire OS. If you turned that one, each user can still turn it off for them in the next option below.
        1. As described above, this turns on and off location sharing for apps, but the user only setting. This may be disabled if it is turned off for the whole machine.
      2. Location History
        1. Simply clears out where your device has been. Microsoft does store locations for a period of time, but it is unknown how long. This is less important on desktops.
    3. Camera
      1. Let apps use my camera
        1. This does just that, let apps use your camera. This only affects apps from the Windows store. Apps that it affects are listed below. If you turns this off, they won’t be able to use it. This does not affect third party applications. I even have Microsoft’s Skype for Desktop installed and doesn’t depend on these settings. Since I don’t plan on ever using camera related store apps, I have this turned off.
        2. Choose apps that can use your camera
          1. If you turn on the setting above, you can fine tune which apps have access. Turn them on or off as necessary. These will be grayed out if the above option is off.
    4. Microphone
      1. Let apps use my microphone
        1. This is basically the same as the camera settings above. It only affects Microsoft store apps and not other installed applications. The apps it can affect are listed below. This simply allows or denies apps usage of your microphone. Since I don’t ever plan on using microphone related store apps, I have this turned off.
      2. Choose apps that can use your microphone
        1. If you turn on the setting above, you can fine tune which apps have access. Turn them on or off as necessary. These will be grayed out if the above option is off.
    5. Speech, inking, & typing
      1. This is probably the most concerning settings. It is pretty vague about exactly what it is sending to Microsoft. This is also potentially the setting that will collect the most information out of them all. Be aware that this must be enabled for Cortana to work. According to what I have read from Microsoft, this is not sent to Microsoft unless you have the “Send Microsoft info about how I write…” option turned on in the General settings. This option is grayed out for me. I do not know if that is because I am using a local account or not. I personally am on the fence on this one. In reality, there is nothing I would be searching that I don’t care is public information. Never type passwords in the search of course. If you want to play with Cortana, enable it, otherwise, disable it for now and see how things go for you.
    6. Account Info
      1. Let apps access my name, picture, and other account info
        1. This setting just shares your name, picture, and other account information with other Microsoft Store apps. This setting seems harmless, except the “other account information”, which is too vague. It most likely is just other stuff that you have already told Microsoft about such as your e-mail address. If this is on, make sure you are downloading apps that you can trust (which you should be doing anyway). I left this off.
      2. Choose the apps that can access your account info
        1. If you turn on the setting above, you can fine tune which apps have access. Turn them on or off as necessary. These will be grayed out if the above option is off.
    7. Contacts
      1. Similar as above, but interestingly it doesn’t have an “overall” turn on/off option, it’s per app only. I turned all of the app access off, but this may not batter if you don’t store your contact information with Microsoft.
    8. Calendar
      1. Let apps access my calendar
        1. If you use Microsoft’s calendaring service, then you may want this on. If you don’t use their calendar, set to off.
      2. Choose apps that can access calendar
        1. If you turn on the setting above, you can fine tune which apps have access. Turn them on or off as necessary. These will be grayed out if the above option is off.
    9. Messaging
      1. Let apps read or send messages (text or MMS)
        1. If you want other Microsoft store apps to read or send messages, then turn this on. I’m not entirely sure how this integrates with your phone/phone service. I have this turned off as I keep my phone stuff separate.
      2. Choose apps that can read or send messages
        1. If you turn on the setting above, you can fine tune which apps have access. Turn them on or off as necessary. These will be grayed out if the above option is off. Be especially cautious of this setting as it could result in extra charges from your cell phone company.
    10. Radios
      1. Let apps control radios
        1. This lets Microsoft store apps control any radios that you might have connected to your machine, like Bluetooth. I recommend leaving this setting off for now and only turn it on if you want a store app to do this.
      2. Choose apps that can control radios
        1. If you turn on the setting above, you can fine tune which apps have access. Turn them on or off as necessary.
    11. Other devices
      1. Let your apps automatically share and sync info with wireless…
        1. Leave this setting off unless you have such devices that need to sync with your machine. Some TV’s, projectors, etc can make use of this. Remember this setting as you may need to come back later to it. Make sure you are trusting the device you are connecting to.
      2. Other devices
        1. If you turn on the setting above, you can fine tune which device has access.
    12. Feedback & diagnostics
      1. Feedback frequency
        1. I recommend setting this to “Never”. I’m not sure what Microsoft would do with millions of feedback pieces daily, but it is just going to be an annoyance for the average person anyway.
      2. Diagnostic and usage data
        1. This is the scariest setting in the bunch. In Windows 10 Home, you cannot disable this completely. Change it to Basic. This is probably my biggest gripe of these settings overall. I should be able to turn this completely off if I want to. If you are using other editions of Windows 10, there might be a Never option available. “Usage” data is way too vague. NEVER use full mode. Even in their FAQ as linked in that window admits that they receive memory snapshots, which means whatever text you have up on your screen is transmitted, even potentially passwords.
    13. Background apps
      1. This chooses what apps that are listed runs in the background. This is useful if you use it for alarms or calendar (Microsoft’s calendar) reminders. I recommend just turning everything off for now, and then turning back on individual ones as necessary for the functionality you want. This isn’t necessarily for security, but more for resource usage.

Third, turn off OneDrive:

Only do this if you don’t want to ever use OneDrive, which I recommend. I’m still personally 100% against storing your personal data on “the cloud”. Please realize that this “cloud” thing is really just someone else’s sever with a fancy marketing name on it. On the flip side of things however, one drive could be useful for sharing information to the public. Just be diligent and learn how it works.

In Windows 10, OneDrive is shoved in your face and then down your throat. It automatically runs, it sits in the tray, and is in Explorer with no options to remove it.

First, uninstall OneDrive:

  1. Click Start and type “cmd” (without the quotes).
  2. Right click on “Command Prompt” and click “Run as administrator”
  3. For some insane reason you can’t right click in the command prompt window anymore, but simply right clicking will automatically paste what’s in the clipboard.
  4. Run: taskkill /f /im OneDrive.exe
  5. Then run:
    1. "%SystemRoot%\SysWOW64\OneDriveSetup.exe /uninstall" or
    2. "%SystemRoot%\System32\OneDriveSetup.exe /uninstall” if 32bit.

Next, change the next 2 registry settings:

  1. Click start, type in “regedit” without the quotes, right click what matches under Best match and click “Run as administrator”. It should have an icon with a bunch of cubes in a cube with a couple flying off.
  2. Go to the following paths and change the key System.IsPinnedToNameSpaceTree to say “0” by double clicking on them and replacing the one with a zero.
    1. HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\
    2. HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6\

Finally, delete a couple left over folders (copy and paste the % variables into Windows Explorer):

  • %LOCALAPPDATA%\Microsoft\OneDrive
  • %PROGRAMDATA%\Microsoft OneDrive


This is probably the most important of all. You have to stop letting everything just happen and start thinking securely. This includes clearing browsing history and cookies on close. Don’t worry, there are things like Keepass and Lastpass (yes, I know, personal information on the cloud, but better than nothing) to save your passwords and automatically log you in. Set Firefox to always use Private mode, or at least go through and change settings to delete as much as you can stand when you close the browser. It’s not that bad, you will get used to browsing safer.

There are other things you can do, such as not storing your documents on your local computer. All of my stuff is on a NAS. You can also look at using VeraCrypt (was TrueCrypt) to keep your documents encrypted. What’s nice about the program is that you can mount your encrypted files as a drive, so it’s unencrypted when you need them simply by drive access. You can still download the program here: VeraCrypt.

Be really careful and diligent about what you store “in the cloud” (is anyone sick of this cloud crap yet?). While the cloud service companies do have security in their interest, they aren’t some magical internet safe that can’t get hacked. Even Amazon’s E2 cloud has been hacked before. Don’t store information that identifies you, passwords, usernames, etc in the cloud unencrypted, or preferably at all.

Fifth, don’t use an administrator account!

It’s so important, I made it a bigger bolder heading. Now is the time to convert your normal account to a user account, and make a new administrator account. By default, Windows sets you up as administrator. Convenient, but VERY insecure. This is a holdout since the early Windows days, when Microsoft was completely clueless about multi-user systems and anything about security. This problem exists to this day.  As Windows software programmers got used to this and got incredibly lazy about it, it has come to be expected that you are administrator. You should always question applications that need administrative access to your system.

Be aware, this DOES greatly affect how you use Windows. Now whenever there is a system change, it will prompt you for the administrator account credentials. This is a GOOD thing. This way, nothing can normally modify the system unless YOU let it. This means you should be double checking and asking WHY it needs administrator rights.

  1. Go to start, type run. Click the “Run” item that shows up (If you have Windows 10 Pro or Enterprise, navigate to Computer Management Users area instead of below).
  2. Type “control userpasswords2” (Yes, this is seriously and laughably the ONLY way to create new local accounts in Windows 10 Home).
  3. Click “Add”.
  4. Click “Sign in without a Microsoft account (not recommended)”.
  5. Click “Local account”.
  6. Type in the user name that the Administrator account will be. Don’t use the word “Administrator” though.
  7. Type in a GOOD longer password. You can even use a pass phrase. REMEMBER THIS PASSWORD! You will need it from here on out a LOT.
  8. Type in a password hint. Make it as vague as possible, or just the letter “a” or something. That’s another baffling thing, the requirement to make guessing your password easier by providing a plain text hint. Smart.
  9. Click Next, then Finish.
  10. The newly created account will be part of the Users group, no system rights. Highlight the account created and click “Properties”.
  11. Click the “Group Membership” tab.
  12. Select “Administrator”.
  13. Click “Ok”.
  14. Now select your normal user account, do the same thing, except select “Users”.
  15. Click “Ok” again to close everything out. It will ask you if you want to log out to apply the new settings. You don’t have to do this right away, but do it soon.


From here on down, the tin foil hat gets really big. Honestly, until we find out more about what is going on, you are perfectly fine stopping here. If you are really paranoid though, you can keep going.

Add Microsoft related hosts to your hosts file:

This is going to be the best defense against the CONSTANT communication to Microsoft’s mother ship servers. The communications are encrypted, which is a good thing if you look at it that way. The other way that I look at it is that means we have NO IDEA what sort of information is being pumped over to Microsoft. Go ahead, load up Wire Shark and run it on your Windows 10 box, MOST of the packets going out are going to Microsoft servers (and Akamai, which is a service Microsoft uses). This does not disable Windows Update communications.

First, run Notepad as administrator:

  1. Click Start, type in: Notepad.
  2. Right click on the “Notepad” that shows up and click “Run as administrator”
  3. Go to File, Open.
  4. Navigate to: c:\windows\system32\drivers\etc\.
  5. Change the file filter from “Text Documents (*.txt)” on the bottom right to “All Files”
  6. Double click or open “hosts” that shows up.
  7. At the bottom, copy and paste the following in:
    1. #fix for network status and diagnostic tools

Save and quit Notepad.

Huge thanks to “Byte My Bits” on YouTube for pointing me to most of these entries, and this thread for more.

Keep in mind, this will disable a LOT of services, like Cortana and OneDrive. It’s a tradeoff. If you want security or fancy features that you don’t really need. You can go through and comment entries out if you want certain services to work, but you will have to Google for what you need.

Delete a couple services:

Run a command prompt as Administrator:

Click Start, type CMD, and right click the result and click “Run as administrator”, then type the following in:

sc delete DiagTrack
sc delete dmwappushservice

These are part of the diagnostics that are sent to Microsoft.

Disable WiFi Sense:

WiFi Sense is another of the many controversial topics of Windows 10. It automatically shares your WiFi network key to your friends. When looking at it, it might actually be more secure than giving out your password which may be then given out again to their friends. This way they never see the password. I personally don’t have friends over that I don’t trust (does anyone?), so I disabled this.

  1. Click start, type in “regedit” without the quotes, right click what matches under Best match and click “Run as administrator”. It should have an icon with a bunch of cubes in a cube with a couple flying off.
  2. Navigate to: HKEY_LOCAL_MACHINE\Software\Microsoft\WcmSvc\wifinetworkmanager
  3. Right click on the right pane of that key, and go to New, DWORD (32-bit value). It will create a new line, type “WiFiSenseCredShared” (without the quotes) and press enter or click in the empty space of the window to set the name. Repeat this step again but type “WiFiSenseOpen”. You should now have 2 new REG_DWORD entries that say 0x00000000 (0).

Start playing with and getting to know Linux

Yes, I’m dead serious about this. It’s time to let vendors know what we want choices and alternatives. Linux has come an exceedingly long way in usability, and I HIGHLY recommend starting with Linux Mint. Linux is inherently more secure, as it was designed to be a secure multi-user system from the beginning. It also has no reason to phone home to the mothership at all. I also recommend doing this in a VirtualBox Virtual Machine first, before wiping Windows. See what works for you and what doesn’t. At some point, you can do the reverse, Use Linux as your main OS and run Windows as a virtual machine. That will be infinitely better. I am a fan of the Cinnamon release version, but all of their releases are fantastic. They use Ubuntu in the back end, which means most, if not all Ubuntu fixes/support work the same in Mint. This is a very good thing as that means there is a massive community out there to help. When was the last time Microsoft Support was actually useful?

Keep an eye on this post. I plan to add more in the future!

Old Beginners Networking Tutorial

I was cleaning out some of my files in my network storage and found an old article I had written for a site long ago in a distant galaxy far far away. It was created September 17th, 2005. 10 Years have passed, and a lot of things have changed, so it’s not as relevant anymore; but some of it is still applicable. Either way, it kind of shows off some of my earlier writing skills. I almost deleted it to be lost forever, but decided to post it on here first so at least can catch it, or maybe someone might find it useful. Keep in mind though, this was written in Windows XP days, so that part isn’t useful anymore. Also, there were pictures in the original post, but those are long gone.




By popular demand I present “Mike’s Complete Networking Tutorial”. I will cover the hardware and software needed to make several different types of networking for the home. It will cover cheap and simple equipment and the necessary software settings you will need to make it work. For now, the software will only cover Windows. I will add Linux as an update later. If someone wants to help me add support for Mac (using TCP/IP) send me a message will all the info I need and some screen shots. As for hardware I will reference Linksys for the most part (my favorite wired devices). I will be general in the wireless device field because Linksys is lacking (except the routers which are still decent). Please do not skip the definitions section. These are important in understanding what everything means and does. A lot of your questions will probably be answered just in that section. There is a LOT of stuff here, but don’t be intimidated. This tutorial is meant to cover all possible scenarios, and your network will only fall into one or two sections.

This tutorial will teach you:

  1. How to do a simple 2 computer network with 1 cable (with internet sharing).

  2. How to do a simple 2+ computer network with some cables and a hub/switch (with internet sharing).

  3. How to do a simple network with 2 wireless devices in Ad-Hoc mode.

  4. How to do a simple network with 2 or more wireless devices.

  5. Simple networking understanding and how they work.

  6. Sharing files and printers on a network

  7. Some basic troubleshooting


First it is important to understand what you are doing. Here are some basic definitions. There will be some things missing in these definitions because I am trying to keep them simple.

  1. Ethernet cable – This is the cable you use to carry information from one computer to the next or from device to computer. It is also called CAT5 because that is the type of cable used.

  2. Crossover Cable – This is a type of Ethernet cable used between 2 computers (or between two routers, etc.). The RX and TX pins are crossed.

  3. Patch Cable – This is a type of Ethernet cable used between a computer and a device.

  4. Network Card (or NIC) – This is the device that interfaces your computer to the network. It is usually internal in the form of PCI (sometimes special form factors) or external as a PCMCIA card or USB. It is a bad habit to call it a “NIC Card” because the word card is redundant (Network Interface Card), so don’t get into that habit. These can be wired or wireless.

  5. RJ45 – This is the type of jack network cables we are discussing here use. It looks exactly like a telephone plug (RJ11) except wider. RJ11 has 4 pins and RJ45 has 8 pins.

  6. MAC Address – A unique identifier that all network cards and network devices have. The MAC Address becomes very important in Networking.

  7. Packet – The little bit of information that is sent across your network. Computers and devices send (a lot) of thee constantly back and forth to communicate.

  8. Router – A device that connects two different types of networks together. This is commonly used in homes and businesses alike to connect their network to the Internet. A router translates packets from one form to another so your network can understand them. Home routers usually also act as switches.

  9. Hubs – A device that splits the network into multiple sections so you can plug more devices into it. You can’t just splice an Ethernet cable and add connectors (in this particular type of network, this does not apply to bus/ring type networks). You have to have a device that can forward packets. A hub just receives a packet through one port and automatically forwards it to all of the other ports. Hubs are not usually used today because that creates a lot of unnecessary traffic, and switches have become affordable (some corporate networks still use hubs but I won’t go into why here).

  10. Switches –Switches are really smart Hubs. Instead of just forwarding all the packets it gets to every port it has, it reads the packet for the MAC address, and forwards it to the corresponding port (the switch learns the MAC address of the device plugged into any port).

  11. Wireless – Refers to the transmission of packets over radio waves.

    1. Ad-Hoc – This refers to wireless networking only between two devices

    2. Infrastructure – This refers to wireless networking between an access point and several devices.

    3. 802.11a – The standard at which wireless transmits and receives at 54mb/s (but has very limited range).

    4. 802.11b – The standard at which wireless transmits and receives at 11mb/s.

    5. 802.11g – The standard at which wireless transmits and receives at 54mb/s.

  12. TCP/IP this is the protocol suite used to communicate over most home and business networks and over the internet. This is where IP addresses come in.

  13. IP Address – A number assigned to your computer so your network knows who is sending what to whom.

  14. Subnet Mask – I won’t go into exactly what this is, just be aware it exists. For basic networking you will only be using

  15. DHCP – This refers to a device getting an IP address assigned to it automatically. This is taken care of by some sort of a DHCP server (router, etc).

I can do deeper into the whole networking thing and I will if I create an advanced networking tutorial.


First we will need to determine what kind of network we want. I will use scenarios for this, chose the best scenario for your application. First and foremost in any scenario you have to have a free network card (not in use) in each device.

Network Cards:

Selecting the right network card for the job is important. I will not go into installing these as it varies between cards and adapters and computers. Consult the adapters manual.

  1. If you have a desktop computer, you will probably want a PCI network card (if it isn’t built in already). If you don’t have a slot free, you can also purchase an USB network adapter. Try to go for the PCI card first. This can be the wired or wireless variety. Try to get a 10/100 card (gigabit still isn’t very useful for this yet), or 802.11g capable wireless card.

  2. If you have a laptop computer (an older one, all new laptops have them built in) then you will need a PCMCIA network card or USB adapter. Try to get a 10/100 card (gigabit still isn’t very useful for this yet not to mention being too expensive), or 802.11g capable wireless card.


Try to get a wireless router (that has a switch built into it). This is important for future expandability. If you don’t have a laptop or any wireless devices now, you may want to get one in the future. If you don’t buy a wireless router now then when you get a laptop you will have to have it wired (thus no roaming freedom). If you get a wireless device you will have to buy a new router anyway. It is worth to spend the extra $20 to have that functionality from the beginning. I recommend Linksys routers, and I recommend staying away from Microsoft and SMC routers. I recommend Netgear second and Belkin third. Make sure you get a router that has multiple wired ports and 802.11b/g technology. MIMO (Multi-In, Multi-Out) is a new technology that will not be covered here, although it should be about the same setup wise.


I recommend a Linksys switch even though any brand switch should be efficient. I wouldn’t recommend getting a gigabit switch. It will offer you no improvement. Even if you have gigabit network cards and switches, and CAT5e/6 cable, you still won’t notice any difference from 100mb/s networks unless your streaming video to a large number of computers or something. Home switches work right out of the box.

Scenario 1: You have 2 computers. You just want to network them together to transfer files and/or share a printer. If you have a modem to the internet also connected to a computer you also want to share the internet.

This is the simplest type of network. All this requires is a free network card on each computer and a crossover cable. You can buy one at your local computer store, or make one if you have the tools or have a friend who does (cheaper). Plug in the cable to each computer and hardware wise your done! Now see the software section on setting up the network in Windows for static IP addresses.

EXCEPT: If you are sharing a network connection, set up the computer that is connected for Internet Connection Sharing and the other devices to receive DHCP.

Scenario 2: You have more than 2 computers, or you have 2+ computers and a network printer or other device (game console, etc).

NOTE: You CANNOT connect your broadband modem directly to your network. You must have a router between your network and your modem (See scenario 3).

Here you will need the same number of patch cables (of long enough length) as you have computers and other network devices. If you have 2 computers, then you need 2 patch cables. If you have 4 computers then you need 4. This also applies to game consoles as they use the exact same network. Each network device needs a network card. You will also need a hub or switch to connect them all to. If you go to your local computer store you will only see switches. If you can buy a switch, do that. You can find used hubs for cheap, but your network performance will be slightly impacted. Connect all your devices to the switch (but not in the uplink port). See the software section on setting up all your computers to talk to each other using static IP addresses.

EXCEPT: If you are sharing a network connection, set up the computer that is connected for Internet Connection Sharing and the other devices to receive DHCP.

Scenario 3: You have a couple of computers and have a broadband Internet connection.

There are a couple of ways you can go about this. You can connect the broadband modem directly to one computer and use scenario 1 or 2 for the rest of your network (the computer then acts as a router). This however has 2 major downsides. If you turn off this computer, the rest of the devices will have no Internet connection. This also puts your computer up front and vulnerable to more attacks from the internet. You will also need two network adapters if your broadband modem uses Ethernet.

The best way to do this is get a router and connect your modem directly to the router, and the connect the router to the rest of your network. Most home routers have a switch built in, so all you will need is same number of patch cables as devices and a router. The best part of this is that the router provides a good solid hardware firewall. This is very important to have. The downside of course is the cost. Look to spend about $60 for a good Linksys router.

If you have cable Internet, just plugging in your router (once your new connection is registered) should work out of the box. Cable (Comcast, etc) uses DHCP to assign TCP/IP addresses (this is the default WAN network settings in most home routers). If you have DSL, you will have to consult the router manual on how to enable PPPoE.

All you have to do here is connect the patch cable to each device and into the router. Plug a patch cable between the modem and the WAN port of the router (or Internet port). Once you have your hardware connected see the software section on how to set up each device for DHCP.

Scenario 4: You have 2 wireless devices (not routers) and you want to network them together to share files and printers.

You don’t need any hardware here other than the 2 wireless cards. See the software section on wireless networking in Ad-Hoc mode.

Scenario 5: You have 1 or more wireless devices and a broadband connection you want to share, or you have more than 2 wireless devices you want to share on the network.

For here you will need a wireless router to go between your network and your broadband modem, or just to act as a switch for your wireless network. Plug everything in and see the software section on DHCP for wireless networking.


This section will cover how to do things in Windows 95/98/98se and XP/2K except for wireless networking. Those sections will be exclusively for XP/2K because the wireless networking has been vastly improved over 98se. Windows ME in this respect is the same as Windows 98se, however I don’t recommend using this OS at all anyway. See the appropriate section that the scenario refers to. Because wireless devices vary so much between each one I won’t go into setting them up here (routers, access points, etc). Consult the manual for that. However, if you are incorporating a wireless router, I do STRONGLY recommend securing the wireless portion with WEP 128bit security (I do not recommend WPA even though it is better because there are still too many devices out there that can’t do WPA).

Internet Connection Sharing

If you are sharing the Internet connection from a computer to your network (not recommended, but necessary if sharing 56k), then you have to have an OS that supports ICS. Windows 95/98 does not do this. However, Windows 98se/XP/2K/2K3 do. First identify what network cards you have, and where they are connected. Make sure you have the drivers installed for all cards.

In Windows 98se you will probably need to install ICS.

  1. Go to Start -> Settings -> Control Panel -> Add/Remove Programs -> Windows Components -> Select and install Internet Connection Sharing (You will need your CD)

  2. Restart if needed

  3. The wizard should launch afterwards.

  4. First choose the type you need. If you are sharing a 56k modem choose the first option, if you are sharing cable or DSL choose the second option

If you have broadband:

  1. Now it will ask you to select the adapter that is connected to the Internet. Make sure you chose the right adapter. If you chose the wrong one you will just have to go through the setup again. Normally the first network card or the onboard one is #1, and the second one is #2.

  1. Now, press next and you can skip the Network Setup disk.

  2. Set up all the other clients for DHCP. See DHCP for wired networking

Windows XP/2K/2K3 ICS:

You can do this two ways, the wizard or manually. Here we will go manual (you learn more that way). This can also apply for wireless networking.

  1. Go to Start -> Control Panel (or Start -> Settings -> Control Panel for classic start menu)

  2. Go to Network Connections

  3. Right click on the adapter that connects to the internet (dial-up or broadband) and click Properties and then click the “Advanced” tab

  4. Check “Allow other network users to connect through this computers Internet connection.”

  5. Then select the right network adapter that is connected to the network

  6. Set up all the other clients for DHCP. See DHCP for wired networking or wireless networking (whichever applies at this point)

Note: When setting up ICS, Windows default makes the shared computer’s IP address

Wired Networks: Static IP

This is the hardest part of this networking (it’s not very hard). You only need to do this because there is no DHCP server available. Windows by default is set to use DHCP. So here we have to change it to assign the machine its own IP instead. Before we continue, map out what machine has. For now we will stick with the IP address range of through with a subnet mask of Each machine must have its own number. For example, the first machine can be and the second can be, etc etc. Don’t change any of other numbers.

Windows 95/98/98se

  1. Go to Start -> Settings -> Control Panel -> Network

  2. Right click on the network adapter and click Properties

  3. Click once on the TCP/IP protocol that is bound to your adapter.

  4. Click Properties

  5. Click on the IP Address tab and click “Specify IP Address”

  6. In the IP Address field put in the assigned ip ( for example)

  7. Then put in the Subnet mask field.

Windows XP/2K/2K3

  1. Go to Start -> Control Panel

  2. Open Network Connections

  3. Right click on the network adapter and click Properties

  4. Click once on the TCP/IP protocol and click Properties

  5. Click “Use the following IP Address”

  6. In the IP Address field put in the assigned IP ( for example)

  7. In the Subnet mask field put

  8. Leave everything else blank, if they have stuff in them, erase them.

Do this for all of the other static IP computers.

Wired/Wireless Networks: DHCP

Here we are only going to ensure that the Windows default is still in place. Normally a network that falls under this category should “just work”, but we will make sure it will work.

Windows 95/98/98se

  1. Go to Start -> Settings -> Control Panel -> Network

  2. Right click on the network adapter and click Properties

  3. Click once on the TCP/IP protocol that is bound to your adapter.

  4. Click Properties

  5. Click on the IP Address tab and click “Obtain an IP address automatically”

Windows XP/2K/2K3

  1. Go to Start -> Control Panel

  2. Open Network Connections

  3. Right click on the network adapter and click Properties

  4. Click once on the TCP/IP protocol and click Properties

  5. Click “Obtain an IP address automatically”

  6. Click “Obtain DNS server address automatically”

  7. If this is a wireless network with WEP, double click on the small wireless icon in Windows tray and connect to the appropriate network. It will ask you for the WEP key.

Do this for all other DHCP wired computers.

Wireless Networks: Static IP Ad-Hoc

See the wired networks Static IP to set the IP for your wireless adapter; however, you will need to set your adapter into Ad-Hoc mode.

  1. While you are in the properties of your wireless adapters after you set up their IP addresses, click the “Wireless Networks” tab. Then click the “Advanced” button near the bottom. NOTE: If the first box “Use Windows to configure my wireless network settings” is NOT checked then consult your wireless cards software for enabling Ad-Hoc mode.

  2. Click “Computer-to-computer (ad hoc) networks only”

  3. Click Close

  4. Do this on the other computer. Your computers should see it and connect.

Sharing Files:

In order for the computers to “see” each other in “My Network Places” they need to have something shared. This process is very simple.

Windows 95/98/98se:

Make sure that File sharing is enabled.

  1. Go to Start -> Settings -> Control Panel -> Network

  2. Right click on the network adapter and click Properties

  3. Click “File and Print Sharing”

  4. Check the first box for file sharing, and the second if you want to share printers.

  5. Follow the rest of the instructions for Windows XP as it is basically the same in 98.

Windows XP/2K/2K3

  1. Open “My Computer”

  2. Open the harddrive that contains the folder you want to share

  3. Right click on the folder and click “Sharing” or “Sharing and Security”

  4. Click “Share this folder” or “Shared As”

  5. Click Ok

  6. Do this on any other computer that you want to share.

Sharing Printers:

Windows 95/98/98se

Make sure that Printer sharing is enabled.

  1. Go to Start -> Settings -> Control Panel -> Network

  2. Right click on the network adapter and click Properties

  3. Click “File and Print Sharing”

  4. Check the second box for print sharing, and the first if you want to share files.

  5. Go back to Control Panel and open “Printers”

  6. Right click on the printer you want to share and click “Sharing”

  7. Click “Shared As”

  8. Click Ok

Windows XP/2K/2K3

  1. Go to Start -> Control Panel -> Printers and Faxes

  2. Right click on the printer and click “Sharing”

  3. Click Share this printer

  4. Click ok

Installing Network Printers:

Windows 95/98/98se/XP/2K/2K3

  1. Go to “My Network Places” and browse to the computer with the shared printer

  2. Double click on it to add it. Follow the defaults steps.


If you are not getting any communication between the computers first make sure of a few things. Make sure the hardware is connected and all the necessary lights are on. If you have a static IP network make sure both computers have different static IP’s and are setup to have static IP’s. If it is a DHCP network, make sure they are all assigned to DHCP with the exception of any internet connection sharing host which will be static. You can use a couple of tools to do this.

Windows 95/98/98se

  1. Start -> Run -> type winipcfg

  2. Make sure the correct adapter is selected on the top

Windows XP/2K/2K3

  1. Start -> Run -> type CMD

  2. Type ipconfig /all

I won’t go into advanced troubleshooting. Please post any problems you have on the board and someone or I will do their best to answer. Include as much detail as you possibly can, including the OS you are using and the details of the network you have set up.

Ok, that wasn’t so hard was it? Any questions or comments please let me know on the boards! Happy networking!

Raspberry Pi: Saving Power

In some cases saving as much power as possible is very attractive. Unfortunately I won’t have any real figures, but I have posted the links of others who have done the changes.


1. Run your Pi headless? Disable HDMI! This is reported to save about 20mA of power.

sudo /opt/vc/bin/tvservice -o

Note: Don’t forget you did this if you have to go troubleshooting with a monitor! Also, this doesn’t survive a reboot. I would recommend maybe adding the command to run once in your crontab a while after booting.

crontab -e

@reboot at now +30 minutes -f /opt/vc/bin/tvservice -o

Note: Make sure the “at” command is installed, run “sudo apt-get install at” if not.


2. If you don’t need USB or the network adapter, you can disable both of those in one shot. This is reported to save a whopping 200mA of power.

echo 0x0 > /sys/devices/platform/bcm2708_usb/buspower

To re-enable the functionality:

echo 0x1 > /sys/devices/platform/bcm2708_usb/buspower

This might be very useful for projects that only need to “phone home” every so often so that battery power is conserved when it doesn’t need to talk to anything.


3. Down clock the CPU. No power figures are available yet, but being that the processor running slower will run cooler and use less power as usual, this will save at least some power and have the side effect of extending the life of the Pi. Edit /boot/config.txt and add the following lines anywhere (and make sure none of these are already defined):


Reboot to take effect. I did this myself, and here are the results:

Before reboot:
pi@raspberrypi ~ $ sudo cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq

After reboot:
pi@raspberrypi ~ $ sudo cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq

I noticed that the SSH session runs slightly slower, but running programs seem to still function ok. Your mileage may very, and the numbers can always be tweaked.





Windows 10: Remove OneDrive From Explorer

I’ve had Windows 10 installed for all of 10 minutes now, and I’ve already had to look up a tweak to get rid of an annoyance, OneDrive. I personally don’t believe in using the cloud to store my personal information. It’s just too easy to get hacked and stolen, and let’s not even talk about the NSA. I trust nobody.

Anyway, there are a couple things you can do to get rid of OneDrive from ever showing up. First is to stop if from auto-starting up. As with Windows 8.1, you can go to Task Manager, choose the Startup tab, and disable it there. It will still show up in Windows Explorer though. Happily there is a very simple fix, although it involves editing that nasty registry.

Open regedit in the usual fashion, and navigate to these two keys:



In each of these keys, there is the same DWORD key System.IsPinnedToNameSpaceTree. Change that key to 0 from the default 1.

That’s it!

Big thanks to this thread for the information: Remove OneDrive from the Explorer Side Panel in Windows 10

PowerShell: Scripted RoboCopy

Sometimes you might have a server on a weak network link, or even a remote server with a slow connection. CommVault and other backup suites a lot of times will have difficulty dealing with these slow links and timing out. This is where the good ol’ robocopy program from Microsoft themselves comes in handy. Of course you can just run RoboCopy straight as a scheduled task, but you might want to get better tabs on what’s going on. One was to do this is through the PowerShell. It’s also a great script to get started with the powerful PowerShell and learn some basics. This script in particular backs up an entire partition (ignoring some system folders) which just hosted data to a centralized server and then e-mailed someone about the outcome and why. It also makes a log of everything it did, then keeps the logs in check so they don’t get out of control. Take a look, copy, paste, and enjoy!

#Function to define how to send an email. Must be available to the account used by the script.
function sendMail($message){
    #SMTP server name
    $smtpServer = ""
    #Creating a Mail object
    $msg = new-object Net.Mail.MailMessage
    #Creating SMTP server object
    $smtp = new-object Net.Mail.SmtpClient($smtpServer)
    #Email structure
    $msg.From = ""
    $msg.ReplyTo = ""
    $msg.subject = "ServerName Backup"
    $msg.body = $message
    #Sending email

$logpath = "c:\log\robocopy-$date.txt"
$date = Get-Date -UFormat "%Y%m%d"
If (!(Test-Path $logpath)){ New-Item -ItemType file $logpath }
$timerun = Measure-Command {$process = Start-Process robocopy -ArgumentList "d:\ \\remoteserver\remoteshare /np /mir /mt64 /log:$logpath /xd 'D:\System Volume Information' 'D:\$RECYCLE.BIN' 'D:\RECYCLER'" -wait -NoNewWindow -PassThru}
$log = Get-Content $logpath -raw

if ($process.ExitCode -eq 0) {
        sendMail("Successful. Exit code 0. No files were copied. No failure was encountered. No files were mismatched. The files already exist in the destination directory; therefore, the copy operation was skipped. Backup completed in $timerun")
    elseif ($process.ExitCode -eq 1) {
        sendMail("Successful. Exit code 1. Backup completed successfully in $timerun")
    elseif ($process.ExitCode -eq 2) {
        sendMail("Successful. Exit code 2. There are some additional files in the destination directory that are not present in the source directory. No files were copied. Backup completed in $timerun")
    elseif ($process.ExitCode -eq 3) {
        sendMail("Successful. Exit code 3. Some files were copied. Additional files were present. No failure was encountered. Backup completed in $timerun")
    elseif ($process.ExitCode -eq 5) {
        sendMail("Successful. Exit code 5. Some files were copied. Some files were mismatched. No failure was encountered. Backup completed in $timerun")
    elseif ($process.ExitCode -eq 6) {
        sendMail("Successful. Exit code 6. Additional files and mismatched files exist. No files were copied and no failures were encountered. This means that the files already exist in the destination directory. Backup completed in $timerun")
    elseif ($process.ExitCode -eq 7) {
        sendMail("Successful. Exit code 7. Files were copied, a file mismatch was present, and additional files were present. Backup completed in $timerun")
    elseif ($process.ExitCode -eq 8) {
        sendMail("Warning. Exit code 8. Several files did not copy. Backup completed in $timerun")
    else {
        sendMail("Error. Backup did not complete successfully." + "`r`n`n" + $log)

#Now clean up log history so it doesn't get overgrown.
$Now = Get-Date 
$Days = "14"
$TargetFolder = "c:\logs"
$Extension = "*.txt"
$LastWrite = $Now.AddDays(-$Days)
$Files = Get-Childitem $TargetFolder -Include $Extension -Recurse | Where {$_.LastWriteTime -le "$LastWrite"}
foreach ($File in $Files) {
    if ($File -ne $NULL) {
        Remove-Item $File.FullName | Out-Null


Ubuntu 14:04+: Creating a VERY jailed user with jailkit

I have many hobbies I dabble in, one of them is vintage computers, and the other is vintage phones. I have an Asterisk server with a special card that connect to some of my vintage phone gear. I also have vintage computers that I could use to play with modems and act as a phone company of sorts. Of course Asterisk is digital and that introduces some problems, but that’s another story for another article far far away. I have a server set up as a dial-in server (as in I can dial the server’s modem extension as it is connected to one of the ports of that special card mentioned earlier). I wanted to make a dial in server that can serve DOS and CP/M files, but not in a BBS form as I didn’t want or need the complexity of a full BBS system. Sure, there are a few downsides like someone could hang on the line forever if they wanted to. Being that this sort of thing is becoming more and more obscure, I’m not too worried about that. I am however worried about making it public and having someone come in and mess with and break the system. After some research I found some interesting software called jailkit. This does exactly what I needed. This is also useful for creating very restricted users on servers for other projects.

For example, my dial in user only has access to the XMODEM and ZMODEM commands that you can install in Linux, and CD to change directories. The jailed user can’t do anything else except change directories around in the jail itself, and transfer files the old fashioned way. Now, my usage case is pretty extreme (and probably a bit weird), but it’s a good example of how locked down you can get.

Before I begin, a huge thanks goes out to “gs69azza” and his forum post here. Most instructions I found on Google don’t work for the newer versions of Ubuntu. There was always something weird that would stop me in my tracks.

First, download and unpack the latest version of jailkit (the the time of this post, it is 2.17. Change the link as necessary to get the latest (see the jailkit link above):

cd /tmp
tar xvfz jailkit-2.17.tar.gz
cd jailkit-2.17

Now, compile and install:

sudo make
sudo make install

Next, make a jail. You can really put it anywhere you would like but do not put it in /home. This will confuse yourself and jailkit.

sudo jk_init -v -j /jail ssh

Next create the new home directory environment for users:

sudo mkdir /jail/home

Create a group in the jail to link the users that will be made to a “users” group. Create /jail/etc/group and add this line:


After that, we need to create a jail user in etc/password so we can define the shell to log in to. This example uses “jailuser”, but of course you can name it whatever you would like. This is the first place you must edit when creating a new user for the jail. Edit /etc/password and add the user as below:


Now, create the same user you created above in the jail itself. Create /jail/etc/passwd and add the following:


Now that that is done, we need to edit the shadow to include the new user. Edit /etc/shadow and add:


Of course, change jailuser to whatever user name you would like.

Next is to change the password of the new user:

sudo passwd jailuser

Now that the shadow file has been updated, copy the shadow files so that the jail is synced with the system:

sudo jk_cp -v -f /jail /etc/shadow
sudo jk_cp -v -f /jail /etc/shadow-

Next create the new user’s home directory:

sudo mkdir jailuser
sudo chown 2000:100 jailuser

Now we will need to copy over commands that you will want your users to use in this jail. The post linked above has a much bigger list, but here are some examples for some basics:

sudo jk_cp -v -f /jail /bin/bash
sudo jk_cp -v -f /jail /bin/ls

Note: bash is required, but don’t worry, they can’t use the chroot trick to break out of the jail with the bash command. ls is optional.

Keep issuing similar commands to copy over the software you want the jailed user to run. For example, If you want them to edit files, you have to copy over an editor. The jk_cp script also copies over the libraries needed to run the programs. There are a couple special cases:

(optional) Create /proc in jail for ps to work:

cd /jail/
sudo mkdir proc
sudo mount -t proc none /jail/proc

(optional) Set permissions for sudo to work:

sudo chown root:root /jail/usr/bin/sudo
sudo chmod 4755 /jail/usr/bin/sudo
sudo chmod u+s /jail/usr/bin/passwd

That’s it! Now log in as that user and make sure everything works. Check out /var/log/auth.log if you are having any issues. For example, I had an extra space character after the shell path in /etc/passwd which was preventing log in.

There are many things you can do with this setup. For example, I created a .bashrc for my user (as root so that the user couldn’t edit it), and added the following lines to hide more of the system, and enable a “help” command which is a very simple script I created that just tells the user what they actually can do. It also customizes the command prompt they get.

shopt -s checkwinsize
shopt -u mailwarn
alias help='/bin/help'
PS1="\u@\W> "

Note: The “help” script is actually in /jail/bin/help. For things that are sitting inside the jail, the paths are as if /jail was the root. The help script also overrides the standard “help” command.

Also, to remove more system identification (and for other reasons), I completely disabled the standard MOTD system wide. See this post: Ubuntu 14.04+: Disabling Login Messages (MOTD).

If you don’t want to do it system wide however, and want to disable the messages for the user, create .hushlogin in their home directory:

sudo touch .hushlogin

Finally, my last requirement was to be able to serve DOS and CP/M files so that it is possible to xmodem them over (great for recovering an old system). Of course, it would be silly to duplicate the files over just for the jailed user. However, you can’t directly mount an NFS share to the user jail either, but you CAN do a bind mount! I use autofs to automatically mount my NFS file server to a directory in /mnt on the dial in server. Then I use a bind mount in fstab to make the directories I want available to the jailed user. Here is an example of an entry in fstab that makes this possible:

/mnt/fileserv/data/Software/CPM /jail/home/jailuser/cpm     none    bind,_netdev    0       0

Note: _netdev is super important in this line, don’t forget it! If you don’t have fstab wait for the network to become available, and you reboot the machine, it will hang trying to mount those directories (ask me how I know!).

Note 2: Don’t forget to make the directories to mount to (e.x. /jail/home/jailuser/cpm).

You can go pretty far down the jailed user rabbit hole. The jailkit homepage has lots of great documentation for doing more with it.

Ubuntu 14.04+: Disabling Login Messages (MOTD)

In an earlier post (Ubuntu 14.04+: Changing Login Messages), I showed you how to modify, change, or even disable parts of the big long MOTD (Message of The Day) that you get with default Ubuntu. Admittedly, some of the information is useful at a glance. I have a pretty good pulse on my own Linux servers (since there is only a couple), so I don’t really need or want the messages. So, after a quick Google search I found this post that describes disabling the message for SSH through PAM. It’s pretty simple.

Just edit /etc/pam.d/sshd and comment (using the # sign) the following two lines:

session    optional  motd=/run/motd.dynamic noupdate
session    optional # [1]

Save your changes, and you’re done! Now all you see when you SSH in is the last login time. Much faster.