HOEI

Window has the blue screen of death and Mac has the gray screen of death. This is my second trip through the forced reboot process on my MacBook Pro. The first time I was reading email in Entourage. The screen froze and a gray opaque curtain scrolled down from the top and the the following image appeared.  There was nothing to do except follow the instructions on the screen and power down using the power button. I captured a picture of the screen with my Droid.

My second appearance of the Apple MacBook Pro Gray Screen of Death appeared while working in iPhoto and right-clicking to select the “Show File” option.  Once I reboot the machine the following error report option appeared.

In the comements I entered the following:

“I got the Mac gray screen of death and it gave me no choice but to reboot. This is my second gray screen of death on this MacBook Pro. I feel like I’m using a Microsoft Windows again with a gray screen of death replacing the blue screen of death.”

It seems as though Apple and Microsoft are cut from the same cloth…but in different colors.

Here are a few tips on how to change your Network Interface card IP address setting from the command line. Why? Well, as a network security engineer there can be a number of reasons that require switching between network segments many time in a day. I might have to move my laptop off into a DMZ to verify connectivity after making Firewall changes. Most of these segments were not running a DHCP server and required that I manually set the IP, Default Gateway, subnet mask, and sometime the DNS settings.  So running a ipconfig release and renew was not going to do it.  Then I might have to switch back to a segment running DHCP.  I was often running from the command line anyway to execute ping and tracert. I also use SSH from the Windows command line to access routers, switches, and firewalls so it just made sense to switch IP settings from the commandline.  Here is how I do it:

1. Create folder a in My Documents called “ip”
2. Inside of that folder create as many batch files as required to meet your needs

Example Batch (.bat) file used to switch from static IP back to DHCP.

netsh interface ip set address name=”Local Area Connection” static 192.168.10.200 255.255.255.0 192.168.10.2 1
netsh interface ip set dns “Local Area Connection” static 192.168.16.102 primary

Note: this file only contains two lines (each beginning with “netsh interface”)

Each of your Ethernet adapters will be listed as “Ether adapter [some name]:” The portion between the [brackets] is what you enter between the “quotes” after name=.

Below is an example of how to set a static IP address, subnet mask, default gateway, and DNS.

netsh interface ip set address name=”Local Area Connection” static 192.168.10.200 255.255.255.0 192.168.10.2 1
netsh interface ip set dns “Local Area Connection” static 192.168.10.102 primary

I create as many of these as needed and name the bat files something that makes sense to me for the job I am on. My bat files might be named;

• DHCP.bat
• homewireless.bat
• siteFWinside.bat
• siteFWoutside.bat
• siteDMZ1.bat
• siteDMZ2.bat

If you put your ip folder in your path then you can execute the bat files from any directory on the command line.  You can also put bat files on your desktop and create keyboard shortcuts as well. I put a copy of my DHCP.bat on my desktop and assign it a Ctrl+Alt+D keyword shortcut.

The following video was recorded from a Windows XP laptop. This short lesson demonstrates how to connect to a FTP server using Windows Explorer and transfer a file from your PC to a FTP server.

Today’s message from DVD host Omar Wasow is titled “Windows Vista IS for Dummies, buy a MAC if you really want to get some work done.”

Fox News ran a short segment today titled Picking a PC. The guest of the segment was Omar Wasow whose claim to fame comes from being the host of the Windows Vista for Dummies DVD. Wasow also credits himself with teaching Oprah Winfrey how to use email according to this news story.

The Fox News hosts along with their guest (Mr. Windows Vista for Dummies) actually give MAC the big endorsement. The most interesting part of this HOWTO pick a PC story is that when Wasow is asked which machine he uses, his answer leads him to admit that he is a MAC user. He does slip in there that he uses Windows too, but his reaction shows a clear preference for the MAC “Road Warrior ” machine. The Dell laptop shown in the clip gets the worst press of all as being the cheap choice for the college kid.

When ranking the security status of a PC on a scale from 1 to 5, with 5 being the most vulnerable, this PC ranks an 87.

This is a screen capture from the Windows Update site for one of my laptops shortly after installing Windows XP Professional and adding Service Pack 2.  Choosing to ignore these updates leaves a PC very open to attacks especially if the machine has not anti-virus software and a firewall is not running.

Visiting the Windows Update site is a good first step to securing a PC.  There are a few other things that I would highly recommend when building or buying a new PC.

1. Purchase and install an enterprise grade anti virus application and subscribe to automatic signature and software upgrades.
2. Install a client based firewall application, especially if you will be connecting to public networks.
3. Use VPN software and SSL (https) web sites as much as possible when on public WiFi. (more HOWTO details to come on this subject)
4. Update your other third party applications on Windows regularly and enable automatic updates where possible. (i.e., iTunes, QuickTime Viewer, Java run-time, etc.)
5. Verify that your PC is not trying to automatically reconnect to Windows Network shares at logon.

I can not impress upon you bloggers how important number three is for those of you who frequently log onto your blog software via http (tcp port 80) over a public wireless access point from a hotel, coffee shop, or your favorite lunch location.  The software to enable a hacker with the capability to capture your user ID and passwords over a public access point is widely available and very easy to use.   The same from utilities can be used to capture unencrypted passwords used when accessing email, ftp servers, and web site control panels.

This is a fairly common question in small IT shops.  I have faced this question a couple of times in my IT career and I will share some details from my experiences.  I posted a lengthy comment on the subject of DHCP vs static IP addresses on my friend Trace’s new blog. Trace started a brand new blog a few weeks ago titled Trace Pupke:another church IT blog. Trace is the IT Director of Seacoast Church. Here is what I had to say on the question of “DHCP or Static IPs?“.

I recommend that you consider DHCP reservations as a middle ground between the static addresses and your current DHCP configuration. There are several reasons for this, but the main reason is for centralized control of changes to DNS, Default Gateways, and Subnet Mask. I would definitely continue to use DHCP for laptops since they are frequently moved between your network and other networks. If you feel that static addresses are the only way for you then you might offer your users the ability to change their own IP settings on the laptops for when they travel. Here are a couple of scripts you can user in two separate BAT files to easily switch between static and DHCP without having to open the TCP/IP settings of their NIC.

Put the following two lines in a file called office.bat. netsh interface ip set address name=”Local Area Connection” static 192.168.0.2 255.255.255.0 192.168.0.1 1 netsh interface ip set dns “Local Area Connection” static 4.2.2.1 primary Put these next two lines in file named away.bat. netsh interface ip set address name=”Local Area Connection” source=dhcp netsh interface ip set dns name=”Local Area Connection” source=dhcp Note: The “name” variable must match the Name shown for that NIC in the Control Panel/Network Connections. If you are wondering how I ssh from the command line of Windows you should check out my post titled SSH from Windows CMD line.

Since my job most often requires me to interface with network devices via telnet or ssh I like not having to use the mouse when in a tight network closet. I am often working on IP segments that do not have DHCP configured so I put several of these types of files with short easy to remember names in my system directory. You can use any other folder found in your path statement. That way I can run them from any folder on the command line without having to use the mouse. One way to stop the rouge clients is by implementing port security on your switches where you match a port to a specific MAC address. Most IOS versions from Cisco support this as a standard these days. I am not sure about 3Com. This can be difficult to manage in an area where you have a lot of visiting network users. In that case you should consider putting those non-secured drops in a DMZ off your firewall to keep them off of your trusted/inside network IP segment.
I have traveled down the path of answering this very same question for myself as a system administrator with two previous employers.  One employer was Piedmont Technical College where I had about 350 user nodes.  Not all of these were IP based clients.  Many were on Local Area Transport (LAT) using VT terminals to access our VAX.  All of my clients were scattered across 9 locations in seven different counties of South Carolina.

The other employer where I faced this DHCP vs Static decision was at Cambar Software now called Cambar Solutions.  Back in the day when I started with Cambar, we had about 100 PCs with a majority of them running OS/2 Boot Manager to allow for booting to one of three separate operating systems (OS/2, Windows 95, and Windows 3.1).  Later we added NT 4.0 as an option on some of the multi-boot systems.  These were the operating systems that different clients were running at the time.  The developers, testers, and help desk folks could boot into the OS that was needed to support the particular client they were currently working with at the time.  The trick to static addesses was to keep the same address on all three operating systems.  They were not running and internal DNS or WINS server when I started, but were using hosts and lmhost files to provide friendly names for accessing the dozens of servers (uh hotrod PCs) that they were running DB2, Oracle, and MS SQL databases on.  This setup was an administrative nightmare when trying to add a new host to the hosts file of three different operating systems of 100 PCs.
Both of these previous employers were running static IP addresses when I started.  They both ended up on DHCP before I left.  Today I am no longer supporting end users directly as I was back then, but I do support dozens government customers with 5,000 plus users on the LANs.  They all use DHCP as you might expect.

What this question boils down to is this.  How easy will it be for you to manage static IP addresses.  If you are a very small IT shop, say less than 50 users with yourself as the only IT support person, then static IP addresses will probably be pretty easy to manage.  If you have more than one IT support staff member, then things get a little more complicated.  Who will control the list of IP addresses and how will it be accessed?  If you are installing a new PC and do not currently have access to the list (online spreadsheet or notebook in another IT guy’s pocket), then how do you know what is available?  These circumstances become much more common as your network grows and the number of support staff members increases.  I submit that wireless access to online versions of these IP list spreadsheets via PDA’s does make the static address management a little less cumbersome than in my desktop support days.
No matter the size of your IT shop, if you want better control over your IP addresses, then the reservations is a good way to go.  You will still want to keep a few non-reserved addresses available in your DHCP pool in the event you need to quickly add a printer or PC, but you can easily restrict what those IPs can do with a good firewall strategy.  You can free up their network access via the firewall a little later.
My comments on Trace’s blog were echoed by another Church IT director Travis Kensil.  Travis touched on the wireless factor which I did not have to deal with back when I was answering this DHCP vs Static IP question.