Category Archives: Microsoft Server 2012

Clear Temporary Internet Files for All Users

I came across this utility from the folks over at Ctrl-Alt-Del Consulting, which is great for reclaiming space taken up by users’ temporary internet files stacking up over time. I’ve found it especially helpful on terminal servers with hundreds of users. Download their free tool ICSweep here:

http://www.ctrl-alt-del.com.au/CAD_Utils.htm

Once downloaded, extract it to the root of C:\. Open an administrative command prompt and cd to the “C:\ICSweep” directory and reference the following switches:

Usage:
ICSweep [/ALL|/TIF|/TMP] [/?]

  /ALL   -   Delete both Temporary Internet Files and Temp files
  /TIF   -   Delete Temporary Internet Files only (Default)
  /TMP   -   Delete Temp files only
  /SIZE  -   Report the size of both Temporary Internet Files
             and Temp files in each profile NOT in use. This
             switch will also report the total size of
             both Temporary Internet Files and Temp files NOT
             in use. It DOES NOT DELETE any files.
  /?     -   show this help file

Setting Up FTP-over-SSL With IIS7 (FTPS)

PART I – Server Setup

1) Install IIS Web Service role with all FTP Features selected:

2) Create folder you want to use as your FTP root landing point (i.e. D:\FTP)

3) Set permissions to allow anonymous access. Open command prompt as administrator and run the following command (using whatever folder path you created):

ICACLS "D:\FTP" /Grant IUSR:R /T

4) Open IIS. Right-click Sites and Add FTP Site:

5) Name your site and specify the FTP folder you created as the Content Directory:

6) Choose IP/Port and SSL settings below:

7) Specify Authentication and Authorization Information. In this example, we will give ‘Administrator’ full read/write access:

8) Create self-signed certificate. Select your server name in IIS Manager > Create Self-Signed Certificate in the right-hand pane. Complete the wizard, naming the certificate whatever you want:

9) Select your new FTP site under the Sites node, and select FTP SSL Settings. Select the certificate you just created. Select Custom for the SSL Policy, specify Require only credentials for the Control Channel and Allow for the Data Channel. Click Apply to save settings:

10) Edit bindings of the FTP site, and add port 990:

This should complete the setup of the server if you are using it internally. If you need to access it through a firewall (i.e. Cisco ASA) over the Internet, there are additional settings that need to be configured:

PART II – Firewalls, Ports, and External Access

11) Select the server name in IIS Manager > select FTP Firewall Support. Specify your passive port range and the external IP address this server uses. In this example I only specify one port (5000) so that I only need a single access list line on my firewall for a single port. Replace xxx.xxx.xxx.xxx with whichever public address your server uses. Click apply:

12) Now the firewall changes. This example uses Cisco ASA with a single external static address. The principles are the same with other firewalls. Insert the following commands:

! Create the object-group
! (FTP data connections use TCP only, so tcp in place of tcp-udp is sufficient)
object-group service FTPS
service-object tcp-udp eq 5000

! Permit the control and data ports with an access list
access-list outside_in extended permit tcp any interface outside eq 990
access-list outside_in extended permit object-group FTPS any host PUBLIC_SERVER_IP

! Specify your static NAT to internal FTP server
static (inside,outside) tcp interface 990 INTERNAL_SERVER_IP 990 netmask 255.255.255.255
static (inside,outside) tcp interface 5000 INTERNAL_SERVER_IP 5000 netmask 255.255.255.255

13) IMPORTANT: Open the services console (services.msc) on the FTP server and restart the Microsoft FTP Server service. This brings the passive port change made above online. Skipping this step will make you bang your head against the wall, because everything is set up correctly but the server is not handing out the right passive ports when you connect.

PART III – Connecting with FTP Client

14) I use FileZilla for this example. It’s an easy, free, lightweight FTP client that can do FTP over SSL. Open FileZilla > File > Site Manager and create a new profile with the following settings:

15) You should now be able to establish this connection. When you connect, you will be asked whether you want to trust the certificate (because it is self-signed), which you’ll want to do, and you should then be presented with the directory listing on the FTP server:
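
With the SSL policy from step 9, only the login credentials must be encrypted, and whether the data channel is encrypted is left to the client. The following is an added example (not part of the original post) that reads those settings back from an IIS applicationHost.config and flags any channel where TLS is not enforced. The function name Test-FtpSslPolicy, the site name FTPS-Demo and the sample XML are constructed for illustration.

```powershell
# Added example, not from the original post. $SampleConfig is a constructed
# excerpt mirroring steps 9-11; on a real server pass instead:
# [xml](Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config")
$SampleConfig = [xml]@'
<configuration>
  <system.applicationHost>
    <sites>
      <site name="FTPS-Demo" id="2">
        <bindings>
          <binding protocol="ftp" bindingInformation="*:990:" />
        </bindings>
        <ftpServer>
          <security>
            <ssl controlChannelPolicy="SslRequireCredentialsOnly" dataChannelPolicy="SslAllow" />
          </security>
        </ftpServer>
      </site>
    </sites>
  </system.applicationHost>
  <system.ftpServer>
    <firewallSupport lowDataChannelPort="5000" highDataChannelPort="5000" />
  </system.ftpServer>
</configuration>
'@

function Test-FtpSslPolicy {
    param([Parameter(Mandatory = $true)][xml]$Config)
    $fw = $Config.SelectSingleNode('/configuration/system.ftpServer/firewallSupport')
    $passive = if ($fw) { '{0}-{1}' -f $fw.GetAttribute('lowDataChannelPort'), $fw.GetAttribute('highDataChannelPort') } else { 'not set' }
    foreach ($site in $Config.SelectNodes('//sites/site[bindings/binding/@protocol="ftp"]')) {
        $ssl     = $site.SelectSingleNode('ftpServer/security/ssl')
        $control = if ($ssl) { $ssl.GetAttribute('controlChannelPolicy') }
        $data    = if ($ssl) { $ssl.GetAttribute('dataChannelPolicy') }
        if (-not $control) { $control = 'SslRequire' }  # omitted attribute = schema default
        if (-not $data)    { $data    = 'SslRequire' }
        $findings = @()
        if ($control -ne 'SslRequire') { $findings += "control channel is $control, so TLS is not enforced for the whole session" }
        if ($data -ne 'SslRequire')    { $findings += "data channel is $data, so listings and file contents may cross the network unencrypted" }
        [pscustomobject]@{
            Site           = $site.GetAttribute('name')
            Bindings       = @($site.SelectNodes('bindings/binding[@protocol="ftp"]') | ForEach-Object { $_.GetAttribute('bindingInformation') }) -join ', '
            ControlChannel = $control
            DataChannel    = $data
            PassivePorts   = $passive
            Findings       = $findings
        }
    }
}
Test-FtpSslPolicy -Config $SampleConfig | Format-List
```

An empty Findings list means both channels are set to Require SSL connections.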

Migrate DHCP Database To New Windows Server

Exporting the DHCP database from one Windows server to another using the GUI can sometimes be more of a headache than running two simple commands. I’ve had much more luck using the following method:

NOTE: This assumes that you have the DHCP Server Role already installed on your new server

1) Open command prompt as admin on the source server. Issue the following command:

netsh dhcp server export C:\dhcpdatabase.dat all

2) Open the services console and stop the DHCP Server service, and set it to ‘disabled’

3) Copy C:\dhcpdatabase.dat file from the source server to the same location on the new server.

4) On the new server, open a command prompt as admin. Issue the following command:

netsh dhcp server import C:\dhcpdatabase.dat

5) Restart the DHCP Server service on the new server and you should be good to go.