Apple Remote Desktop
Posted by Mark Raborn in Mac, WIGITAL on June 13th, 2009
Apple Remote Desktop enables Administrators or Mac Users to connect remotely to an Apple OS X computer and interact with that computer as though sitting at the console. Apple Remote Desktop requires Apple OS X 10.3.9 or higher (10.4 or higher for all features).
Apple Remote Desktop encrypts aspects of ARD traffic including Authentication, Administration, Observe and Network Control Data
learn about Encryption in Apple Remote Desktop here
learn about what is NOT encrypted in Apple Remote Desktop here
Install Apple Remote Desktop on the Administrators Computer
On the Administrators Computer create an Apple Remote Desktop user account (i.e. ARDuser) and password (i.e. P@ssword)
- System Preferences | Users | Add Users
- select checkbox to All user to administer this computer
On each Remote Client Computer (the target systems for Apple Remote Desktop) - Create an Apple Remote Desktop user account with the exact same credentials as the Administrator system (i.e. ARDuser) and password (i.e. P@ssword)
- System Preferences | Users | Add Users
- select checkbox to All user to administer this computer
Select the Services available to the Apple Remote Desktop User (i.e. ARDuser) on that client machine. Apple Remote Desktop services available to Users through System Preferences | Sharing | Apple Remote Desktop can allow the user to do the following:
- Generate Reports
- Open and quit applications
- Change settings
- Delete and replace items
- Send text messages
- Restart and shut down
- Copy items
- Observe
- Control
- Show when being observed
You can also “pre-define” these settings in a Client Installer for Apple Remote Desktop and deploy these same settings and the User Account for Apple Remote Desktop to multiple machines simultaneously.
Downloads
Apple Remote Desktop Technology Overview
Apple Remote Desktop Administrators Guide
Tutorials
Apple Remote Desktop - Remote Assistance
WordPress plugins
Posted by Mark Raborn in WordPress on April 18th, 2009
WordPress Plugins and Extensions
“a growing list of WP plugins to review”
Forms
Contact Form 7 by Takayuki Miyoshi
http://wordpress.org/extend/plugins/contact-form-7/
TDO Mini Form by Mark Cunningham
http://wordpress.org/extend/plugins/tdo-mini-forms/
Post Notification
Post Notification by Moritz Strube
http://wordpress.org/extend/plugins/post-notification/
Comments Captcha and Spam
Bad Behavior by Michael Hampton
http://wordpress.org/extend/plugins/bad-behavior/
BTW - - Bad Behavior port to Joomla
http://www.teachmejoomla.net/news/latest/joomla-anti-spam.html
BotProof CAPTCHA by Sante Suffoletta
http://wordpress.org/extend/plugins/botproof-captcha-20/
Captcha! by Boriel
No longer in development
Really Simple CAPTCHA by Takayuki Miyoshi
http://wordpress.org/extend/plugins/really-simple-captcha/
SI Capatcha by Mike Challis
http://wordpress.org/extend/plugins/si-captcha-for-wordpress/
WP HashCash by Elliot C Back
http://wordpress-plugins.feifei.us/hashcash/
WP ReCAPTCHA by Blaenk Denum
http://wordpress.org/extend/plugins/wp-recaptcha/
WP SpamFree by Scott Allen
http://wordpress.org/extend/plugins/wp-spamfree/
SMTP Mail
WP Mail SMTP by Callum MacDonald
http://wordpress.org/extend/plugins/wp-mail-smtp/
Contact Form 7
More
6 Questions About Business (from a friend in Germany)
Posted by Mark Raborn in Business on March 21st, 2009
A friend of mine from Germany, “Micha”, has been studying the English language as an additional skill/ability for conducting business in Europe and the United States (where English is a “linguistic common ground”). He just sent me an email asking me to answer some questions (i.e. briefly give my opinion) about business practice/culture in the US.
I just wrote him back (very informally). I thought it interesting to record my own responses to his questions. What would you write to a friend in Europe asking you these questions?
Here is Micha’s email (and his points/questions):
Hi Mark,
how are you? I need your help
Since several weeks we have english lessons at work. Today I got some homeworks for next week. I have to talk about american business etiquette. So, I thought to ask you, cause you are a businessman.
Maybe you have some minutes to write down some headwords about this topic, so I can get a knowledge about it.
We got some points:
- punctuality (germans normally are punctual, spain people not, how about americans?)
- meetings (how does a meeting proceed) … I hope this does translate
- business dress / attire
- interesting facts (dos / don’ts)
- small talk
- presents (in germany it’s normal to send presents to businesspartners on christmas)Take your time for answering - I need the information next wednesday.
Thank you in advance
Cheers,
Micha.
My informal opinions written impromptu in reply:
Punctuality – Americans do rely on punctuality. I think today it is more associated with business then personal life here (people require a lot more flexibility in their personal lives in terms of being on time). In the business world however, we expect to make our meetings on time, complete tasks on time and keep a schedule. These practices fit well with achieving business goals.
In my own mind, I would say that punctuality is important to the average American because our lives are so very full of “activity”. We are a society of achievers. Being on time is important to have any hope of achieving the over-abundance of things so many of us schedule for ourselves every day.
Meetings – Micha, this very much depends on the meeting. Officially, Roberts Rules of Order http://en.wikipedia.org/wiki/Roberts_Rules_of_Order are well known and adhered to (especially in committee meetings, town hall meetings, government, etc…) However, meetings in the American business world vary a great deal based on the “culture of the company”. In America, (in my opinion) one of the reasons people choose a work environment today is both because of the professional opportunities and income at the company but also because of the “culture” of the company. Different companies choose to do things in VERY different ways. I explain this because companies can have very informal meetings: one company may hang out on bean-bag chairs, eat bagels and snacks and literally lay around having a meeting while other companies may be highly formal (this has been the more acknowledged tradition - especially in larger established companies). It varies a lot Micha based on the company you are with. Another perspective is that of Small Business. Solely owned small businesses are very common today in the United States. These are companies owned by a single person and meetings in those companies tend to take on the personality of the owner.
One thing that is almost universally common is to define an agenda supporting the function of the meeting. No matter what the culture is for a business, knowing what you intend to discuss and having goals that support what the meeting is meant to achieve are generally always part of the framework.
Business Dress and Attire - Business dress and attire is also flexible enough to say that today, there is no particular “common practice” in the US (although suit and tie was once quite common). Many companies these days no longer require a certain type of dress for employees. Work culture has changed a lot here in recent decades and our country has become far more “ability, competency and talent” oriented in the acquisition of it’s “human resources” requiring people much less now to “fit into a certain type of mold”. Dress is today (I personally believe) now also oriented more toward “company culture” than a particular standard of business attire. We do however, still define when an “event” is formal and when these occur we dress accordingly (suit and tie, evening gowns, etc…).
Interesting Facts Dos/Don’ts –
DON’T: interrupt, be impolite, talk over another person.
DO: “listen”, encourage, promote unity (when appropriate), help others
Small Talk – Micha, I think in the United States most business is built on “Small Talk”. Building relationships with “people” is how business is done. It’s rare that someone wins an account or a contract or makes a BIG sale based on simply being the best choice or having the best product or reputation. It takes someone to “like you” and “trust you” and that takes small talk. It’s important to build rapport with clients and know them as people. Opportunities rise from relationship.
Presents – Yes, we do give gifts. Sometimes at Christmas but also, we give gifts after we make sales. It is a practice in the United States to send some small (or Large) thank you gift to a client after a sale. Sometimes, the practice of giving gifts is built into a company sales and marketing strategy and is very carefully scheduled, financed and practiced. Not everyone does this but really good salespeople do. It’s good business (and good manners as well) to recognize your client.
Hope this helps brother.
Cu online,
Your friend,
Mark
creating a Joomla Site Template - Joomla specific CSS affecting Typography
Posted by Mark Raborn in Joomla on March 19th, 2009
Building a Joomla Site template from the ground up has caused me to reflect a little more about Joomla specifics. Coding a CSS template for a CMS means getting into the underlying architecture. So… I’m going to log my take on the Joomla side of things and write some ”personal reminders” about my learning process. The goal here is to a grip on the built in CSS Classes in Joomla and how I might use them to apply my own CSS Typography.
Challenge: quickly learn the default Joomla table structure and find the built in .classes
Why so urgent? Bump into a table class or nesting that avoides my own template CSS (as an example) and stuff will look a bit wierd or out of place for that element.
Let’s do some quick research >>>
A journey to Docs at Joomla gives us _a_blank_placeholder_for_future_content (as of 2009-03-19) . Even though there’s nothing here right now, we’ll definitely keep this for future reference :
http://docs.joomla.org/Default_CSS_classes
With that bookmarked, let’s jump over to Joomla’s forum. A post there provides a list of the default Joomla classes…. another keeper 
- Joomla Forums: http://forum.joomla.org/viewtopic.php?t=125508
Now where to find the hooks for CSS in the components, plugins and modules themselves?
http://docs.joomla.org/List_of_Joomla!_generated_core_CSS_classes
and just exactly how does it come together ??? A Joomla template designer’s CSS References Guide covers some basics to quickly review “context”. Much of this may be more applicable to Joomla 1.0 then 1.5 so we’ll have to sort out the differences.
- Joomla CSS Reference
- Joomla Component CSS Guide
- Joomla Modules CSS Reference
- Joomla Mambots CSS Guide (deprecated)
- JoomlaBoard CSS Reference ( look to Kuena in the future - this will be the standard Joomla forum )
- Remository CSS Reference
Now let’s put it all in context within a Site. How is this going to be affected by how Joomla actually renders content? How are we going to see our articles and have menus generated?
Andrew Eddie recently posted some diagrams in .pdf on this very subject . This info is worth a ponder as we think about how our content (Sections/Categories) will eventually be pushed into menus in the Joomla architecture. Considering this first is a good idea prior to getting started with our CSS
http://www.theartofjoomla.com/joomla-structure-pdf.html
Good, we’ve covered the basics ( now I can take a few notes for “me-myself-and-I” .
ZERO OUT THE CODE
Before beginning, this is just a reminder to anyone new to CSS to please Zero out built in browswer styling. You can do this by adding this to the top of your CSS stylesheet:
body, div, dl, dt, dd, ul, ol, li, h1, h2, h3, h4, h5, h6, form, fieldset, legend, input, textarea, p {
margin-top: 0pt;
margin-right: 0pt;
margin-bottom: 0pt;
margin-left: 0pt;
padding-top: 0pt;
padding-right: 0pt;
padding-bottom: 0pt;
padding-left: 0pt;
text-align: left;
}
Now… with an acknowledgement to all that Dan Cederholm > Bulletproof Web Design taught me, please remember to zero out the table spacing also (we’ll touch on Joomla tables on how they’re impacting us below)
table {
border-collapse:collapse;
cellspacing:0;
}
Next is a little help for older browswers using something I learned that was way over my head . We set our default font size for our template with the additional help of the BOX MODEL HACK to help with our fixed width approach as well as Zero out margin, padding and add a background color
body {
/* box model hack - http://www.tantek.com/CSS/Examples/boxmodelhack.html */
font-size:small; /* 1 size smaller fir IE5/Win */
voice-family: "\"}\"";
voice-family:inherit; /* BEGIN MODERN BROWSERS*/
text-align:center; /* center IE */
font-size:medium; /* size for current browsers */
margin:0;
padding:0;
background: #ededed url('none-just-yet');
}
html>body { /* be nice to Opera 5 */
font-size:medium;
}
and then we can finally learning Joomla CSS and talk about being Joomla specific
A brief look at Joomla specific TYPOGRAPHY
…. in progress
Writing CSS for beautiful TYPOGRAPHY is a very broad discussion. I will not be including CSS in a broad way for the site that I’m working on. That would be a lot of writing.
However, I can help some…. if you want to get into CSS, or the much broader discussion about Typography. then do your reading and enjoy the journey.
The focus for me right now is to annotage the facts and those little ”odd” and “random” things about Joomla that I need to be aware of in coding the stock Typography for a site.
For your own site, please generate CSS and TYPOGRAPHY according to your concepts and desires. If there is something here that’s useful, please check back. I hope you find it helpful. I’ll do what I can to come back and to add to this “work-in-progress”.
First things first - Joomla TABLES
Joomla uses Tables “by default” in which to place the content generated from Joomla components, plugins and modules. If you do not want the browser and Joomla itself to make up it’s mind about size, indentation, margin, padding, etc… then absolutely remember to Zero out the cellspacing and collapse-border(s) …. (we’ve already done this above). Here is an exampled once again:
table {
border-collapse:collapse;
cellspacing:0;
}
This will give you the ability to better track how things behave within the Joomla “Content” TABLE. As various components, plugins and modules are calling content up into the TABLE, it’s important to know you have a clean slate to start with. With borders collapsed and cell spacing at zero, let’s move on.
FIY: to get around tables as the platform for display, set aside some time and read Understanding Output Overrides.
Joomla Component Headings and Content Headings
- in Joomla, certain content has been conceived as being of of the “Heading” type in nature. This content is generated into <table> <td> in the “context” of headings.
- These Headings ”in context only” appear
- inside the Joomla contentpane
- outside the Joomla contentpane
- the headings can be hooked onto using a Joomla class
- .componentheading (for components)
- .contentheading (for content)
Now because the “context” of these classes is to style in the “context of a Heading”, I’m going to match the style of .componentheading and .contentheading to my H1 and H3 CSS TYPOGRAPHY
- .componentheading = h1 (matched to my h1 style elswhere in the template)
- .contentheading = h2 (matched to my h2 style elsewhere in the template)
This way… if not a single Header element was ever used by someone writing articles, the .componentheading and .contentheading could still appear in the Joomla context appearing as “Headings” even though symantically they are not <Header> elements. I’ve made this choice on a “style basis” only.
Tables and Forms “inside” the Joomla contentpane
Because the <table> element is the home for much of the content seen in Joomla (without template Overrides), we must define the font size in a fixed manner here as well. The reason is because Joomla at times nests <<<tables <<inside of tables> inside of tables>>>. This nexting would cause a variable font size assigned to a <TABLE> or possibly table data <TD> elements to become progressively larger or smaller based on the number of nested tables around the text.
So, using a fixed size for font’s in tis context is a better choice :) (i.e. pixels or some other fixed form - pt, pc, in, cm, etc…)
Examples of defining font-size for your text:
The key here will be using CSS specificity. Hopefully we’ll find the classes quickly and keep things rendering agreeably inside the Joomla tables, forms and so on
TABLES and FORMS …. we’ll add more .classes in this article.
table.contentpane
Joomla uses a class on the main Joomla table. It also nests tables inside the main table so we use a fixed size so nesting does not continously adjust size indefinitly on nested elements:
table.contentpane form, table.contentpaneopen table, table.contentpaneopen form {
font-size: 12px;
}
DIVs in Joomla
- - - - ADDING MORE (will add NOTES later) - - -
.moduletable (we’re not styling this element as it would cascade through to many instances) However, we ill style children of .moduletable
div.moduletable form
div.moduletable form {
font-size: 12px;
margin:0;
padding:0;
border-collapse:collapse;
}
div.moduletable form table
div.moduletable form table {
font-size: 12px;
margin:0;
padding:0;
border-collapse:collapse;
}
div.moduletable h3
div.moduletable h3 {
font-size:.92em;
}
div.moduletable_text
div.moduletable_text {
font-size:.72em;
}
div.moduletable_text h3
div.moduletable_text h3 {
font-size:.92em;
}
div.bannergroup_text (we’re not styling this element as it would cascade through to many instances) However, we ill style children of .moduletable
div.moduletable_text div.bannergroup_text {
}
div.moduletable_text div.bannergroup_text div.bannerheader {
}
div.moduletable_text div.bannergroup_text div.banneritem_text {
}
div.blog_more
div.blog_more {
font-size:.72em;
}
.pagenav
.pagenav {
font-size: .72em;
}
Joomla OL and UL inside tables
The next Joomla specific need is to address lists. Usually lists can be addressed in the same manner as paragraphs, definition terms, definition descriptions, etc… Often times this is done by applying a “default” font size to the body element (as shown) and then applying variances to that “default” more specifically throughout the CSS
body {
font-size:medium; /* size for current browsers */
}
An example would be to set a %percentage or em from the default here for OL and UL (such as font-size:80% or font-size:.72em etc…) .
While this works outside the contentpane table in Joomla applying a variable font size to OL and UL elements inside the Joomla contentpane, causes the list items <li> to progressively shrink in size…. like so:
ululul
This of course is NOT GOOD 
for a consistent TYPOGRAPHY. So, we’ve got to keep our eyes open for how OL and UL are affected in the template. While the OL & UL <li> elements inside the MENUS do not change (because they are outside the contentpane), those inside the .contentpane (or .contentpaneopen) most definitely do.
So we will assign a fixed font-size to UL and OL elements of 12px . TO BE VERY CLEAR, this is styling UL and OL elements inside the contentpane.
The two forms of the .class we are looking for are (”NOT-OPEN” and OPEN) which are assigned a to .contentpane AND .contentpaneopen in Joomla by default. The classes:
- .contentpane (NOT OPEN)
- .contentpaneopen (OPEN)
Which leads us to write CSS for OL and UL with the syntax of
table.contentpane ol, table.contentpane ul, table.contentpaneopen ol, table.contentpaneopen ul {
font-size: 12px;
}
Blog specific classes in Joomla
.blog_more strong {
}
.blog_more ul {
}
.blog_more ul li {
}
.blog_more .blogsection {
}
.blog_more a.blogsection {
font-size:.72em;
}
Joomla Footer DIV has does not have a default class
The last item (pun intended) is the footer. The default TEXT rendered by Joomla that is pushed into the footer is echo’d into a <DIV>. The <DIV> in this case does not have a .class assigned to it by default. This means that FOOTER text is not affected by the default size applied to other Joomla elements, etc… So to get a hold on the footer we will edit the index.php file and wrap the footer inside a container <DIV> . We can then #id the div and subsequently globally size and style anything inside of it.
<!-- FOOTER -->
<div id="footer">
<jdoc:include type="modules" name="footer" style="xhtml" />
</div>
That’s it for now. Thanks for reading.
Mark Raborn
WIGITAL
NOTES FOR LATER:
creating a Joomla Site Template - building index.php, mod_mainmenu and Modules
Posted by Mark Raborn in Joomla on March 18th, 2009
Please note: this article is a personal notepad and not a walkthrough. Although I’m linking what I feel is worth readingregarding Joomla template design, the article is not a walkthrough. A TON OF HOW I’M MAKING THE TEMPLATE is left unsaid. I am primarily tossing breadcrumbs so I can find my way through. You will be able to view the finished product at http://www.wigital.net by June of 2009. Thanks
also… I like the sites at att.com and apple.com/server . I may borrow from them
The first step in creating a site template is to simplify what I see in the Joomla installation. When I initially installed Joomla, I installed the default content into our site. This means there are lots of articles, menu items and components active, not all of which we’ll need. Let’s disable and unpublish EVERYTHING
In the Admin Panel
- GO TO Content | scroll to the bottom of the page | look for the Display drop down menu at the bottom of the table | select All
this will display ALL of the articles
- scroll back to the top of the Articles table | check the box above the columns that selects ALL of the articles | click Unpublish | in the headers at the top of the table, click on the FrontPage header (this will sort the FrontPage articles to the top) | select as many FrontPage articles as you want and click Publish (this will put a few articles on the Front Page)
I don’t need to see anything but the FrontPage for a while.
Using my web editor (you can download Nyu or Amaya for free).
- Navigate to the Templates folder
- create a new Folder inside the templates folder (and name it for your template)
- MyTemplateFolder
- create four subfolders inside your “newly named” MyTemplateFolder
- css (styles)
- html (template overrides)
- images (images for the template)
- javascript (scripts)
- more
Build a Template based on XHTML and CSS. Borrow from the free template tutorial made available by Barrie North as well as the Joomla 1.5 Template Tutorials, Articles and HowTo’s here
JOOMLA TEMPLATE ARTICLES AND TEMPLATE TUTORIALS
http://docs.joomla.org/Joomla!_1.5_Template_Tutorials_Project
http://docs.joomla.org/New_features_introduced_in_Joomla!_1.5_templates
Since I’m trying to get a basic sketch up today, I will skip the Template Overrides feature. However, I will bookmark it for later and get back to transitioning components/com_content_views/ defaults for Article and Frontpage content to tableless CSS when I have time.
Template Overrides of Tables in Joomla (for future reference)
http://developer.joomla.org/tutorials/165-understanding-output-overrides-in-joomla.html
http://www.m65.net/article-chapter-pages-joomla!-joomla-template-kits-tutorials-layout-76-205.html
http://www.scribd.com/doc/2300107/Joomla-v-1-5-Getting-Started-with-Template-Overrides
OK.. So I’ve laid out the following “basic” index.php file according to the guides above
<?php defined( '_JEXEC' ) or die( 'Restricted access' ); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="<?php echo $this->language; ?>" xml:lang="<?php echo $this->language ?>" >
<head>
<jdoc:include type="head" />
<link rel="stylesheet" href="<?php echo $this->baseurl ?>/templates/<?php echo $this->template ?>/css/template.css" type="text/css" />
<link rel="stylesheet" href="<?php echo $this->baseurl ?>/templates/<?php echo $this->template ?>/css/print.css" type="text/css" />
<script type="text/javascript" src="media/system/js/mootools.js"></script>
<script type="text/javascript" src="media/system/js/caption.js"></script>
</head>
<body
<div id="wrapper">
<?php echo $mainframe->getCfg('sitename'); ?>
<jdoc:include type="modules" name="top" style="xhtml" />
<jdoc:include type="modules" name="left" style="xhtml" />
<jdoc:include type="component" />
<jdoc:include type="modules" name="right" style="xhtml" />
<jdoc:include type="modules" name="bottom" style="xhtml" />
</div>
</body>
</html>
NOTE: The jdoc:include type=”component” is the TABLE based component. This is acceptable for now and will be “hopefully” gotten to later.
Now… next comes the layout as I intend to achieve it.
LOGON (inactive on most pages/menus)
TOP NAV (3 tabs only of key links)
SITE NAME & SEARCH
TOP NAV MAIN (main top navigation)
LEFT NAV MAIN & COMPONENT (contained in same div)
RIGHT NAV
BOTTOM (MODULE-User11 | MODULE-User12 | MODULE-User13 | MODULE-User14)
a little breathing space
BOTTOM INDEX NAV (MODULE -a form of NAV indexing the site contents - “will figure this out“)
FOOTER
Now the big deal at this point is figuring out what modules go into where ??? and What Includes and <div> containers to make.
Joomla Modules
Joomla start with User1, User2, User3, User4 modules loaded as defaults. Adding additional modules gives me a launch pad to customize my content in Modules a bit more (as well as what I am able to do functionally with the modules given the broad array of Joomla extensions). Here is my initial idea for modules:
- User1 = Latest News
- User2 = Popular
- User3 = Top Menu
- User4 = Search
- User11 = Module? (TBD)
- User12 = Module? (TBD)
- User13 = Module? (TBD)
- User14 = Module? (TBD)
- User20 = Logon (mod_login styled to display horizontally)
- User21 = TopNav
- User22 = TopNavMain
- User23 = BannerNav
- User24 = BottomIndexNav
Now this alters our BODY
<body> <div id="wrapper">
<jdoc:include type="modules" name="user20" style="xhtml" />
<jdoc:include type="modules" name="user21" style="xhtml" />
<?php echo $mainframe->getCfg('sitename'); ?>
<jdoc:include type="modules" name="top" style="xhtml" />
<jdoc:include type="modules" name="user22" style="xhtml" />
<jdoc:include type="modules" name="left" style="xhtml" />
<jdoc:include type="component" />
<jdoc:include type="modules" name="right" style="xhtml" />
<jdoc:include type="modules" name="user11" style="xhtml" />
<jdoc:include type="modules" name="user12" style="xhtml" />
<jdoc:include type="modules" name="user13" style="xhtml" />
<jdoc:include type="modules" name="user14" style="xhtml" />
<jdoc:include type="modules" name="bottom" style="xhtml" />
<jdoc:include type="modules" name="user24" style="xhtml" />
<jdoc:include type="modules" name="footer" style="xhtml" />
</div>
</body>
Now I can move on to adding <div> tags and IDs and using CSS to position these modules and componets where I want to in my Template.
OK… now all of thos modules have been created in the Index.php file and they’ve been contained in <div> tags and ID. The next thing is to actually create the User11 through User24 modules and then assign the actual Joomla MODULES (or copy existing ones) to them. This is achieved using Modules in the Admin Panel .
Navigation
The mod_mainmenu module is the NAVIGATION of Joomla. ”By default” it is assigned to Main Menu (left nav in default template RhukMilkyway) and Top Menu (top pillbox nav in default template RhukMilkyway) . To make multiples of a Top Navigation (nav designed to display horizontally) we are going to copy the Top Menu mod_mainmenu module 3 times and the Main Menu mod_mainmenu once.
The fastest way to do this is to go to the Menu Manager and copy the Top Menu OR Main Menu there. Copying in the Menu Manager automatically creates a copy of the mod_mainmenu mode in the Modules . This method saves a couple of steps.
Now prior to setting these up, we still need to create Positions for each of the copied Navigation modules.
This article explains how to create Positions (they need to be added to your templateDetails.xml file)
http://www.dart-creations.com/joomla/joomla-tutorials/joomla-1.5-template-positions.html
As soon as these <position>userValue</position> are added as children of the <positions> element, we are ready to assign our copied modules to the new positions we’ve created.
Once the menus have been copied in the Menus | Menu Manager, then go to Extension | Modules Manager and confirm your Module Parameters, Advanced Parameters, and Other Paramters are set according to your planning:
- User21 = TopNav mod_mainmenu module
- User22 = TopNavMain mod_mainmenu module
- User23 = BannerNav mod_mainmenu module
- User24 = BottomIndexNav mod_mainmenu module
AGAIN!!! REPEATING !!! - -In the Extension | Modules Manager , review the Module Parameters, Advanced Parameters, and Other Paramters for settings related to controlling the look and feel of the navigation modules.
Our First Parameter is Menu Style:
Module Parameters | Menu Style | Legacy - Flat List
* Vertical - The Vertical Menu Style Child Menu Items will be displayed in an extended form when the Parent Item is clicked upon. These will be presented with an indented offset Title that will distinguish them from the Parent. This is the type of Menu Style adopted for the Main Menu in the standard Template installed with Joomla!. However, alternative Templates may treat this differently.
* Horizontal - The Horizontal Menu displays the Menu Items one above the other in a tabular layout. Child Menu Items are not displayed. The appearance is similar to the Vertical Menu Style.
* Flat List - The Flat List Menu displays Menu Items in list format (<li> tags). Depending on the CSS settings of the active template, the Menu may display horizontally or vertically. This option does not display Child Menu Items. This is the Style used for the Menu Bar at the top of the standard Template installed with Joomla!. However, alternative Templates may treat this differently.
We use the Flat List here because it gives us a very high degree of control of the <li> elements using CSS. The only mod_mainmenu that we will define as something else is the Main Menu which we define as vertical in order to use the automated indentation and the extension of the Menu using Joomla’s code.
Joomla Modules and Module Types
Joomla has more than a few accolades as a Content Management System. This is in large part due to the success Joomla has had in establishing an outstanding Open Source Community. It is also due to the flexibility of Joomla to be customized and the power of the components and modules that are available.
The modules aspect of Joomla is very cool because you can just grap something, plug it in somewhere and whalla !!! a new cool feature in your site. Even by default, Joomla has a flexible array of functionality in it’s Modules. To learn about Modules and Module Types, please read:
http://docs.joomla.org/Modules_Administrator
For now… we are going to create for mod_custom modules. mod_custom allows us to type in some custom HTML into the module and publish it like a article or web page. This gives us the ability to type HTML directly (with CSS ID’s, selectors, classes) into the module for the purposes of playing around with and fine tuning our CSS design. As soon as the design is ”stylin”, we’ll be able to substitute other module types when the time comes to have a more focused approach based on the “purpose” those module positions will eventually play in our layout.
Remember earlier we wanted to create the following:
We’re now going to crate Four mod_custom modules and assign them to those User positions. We’ll name them and assign them to the appropriate position.
4x User11 > User11 = Module? (TBD)
4x User12 > User12 = Module? (TBD)
4x User13 > User13 = Module? (TBD)
4x User14 > User14 = Module? (TBD)
more…
text
creating a Joomla site - discovering Joomla SEO Settings
Posted by Mark Raborn in Joomla on March 17th, 2009
Joomla SEO
In our first article ____ we downloaded and installed Joomla as well as acquired some tools to work with our Joomla site. Today, we’re going to check out Joomla SEO Settings.
First, let’s login to the Admin Panel and set some the native SEO configuration settings.
Joomla SEO Requirements
Requirements needed for SEO friendly URLS in Joomla
- must be running Apache Web Server
- mod_rewrite module must be enabled
- .htaccess must be allowed in Apache configuration
We’d like to compliment our host Dreamhost and link to their WIKI as helpful guide to .htaccess and mod_rewrite
- mod_rewrite - http://wiki.dreamhost.com/Mod_rewrite
- htaccess - http://wiki.dreamhost.com/Htaccess
.htaccess in Joomla
To prepare for Joomla SEO, we must first make the htaccess file included in Joomla active by renaming it from htaccess.txt to ( .htacess ). We can get a hand from the Joomla community about setting up Global Configuration and htaccess here:
- http://www.teachmejoomla.net/joomla-mambo-tutorials-and-howtos/general-questions/how-to-enable-seo-on-joomla.html
- http://www.joomlaseo.net/Joomla/SEO/Joomla-1.5-Search-Engine-Friendly-URLs.html
- http://www.compassdesigns.net/joomla-blog/Joomla-SEO-in-2-Easy-Steps.html
The Joomla Documentation Wiki - in the future the WIKI should also provide good content (wiki Global Configuration article currently incomplete as of 2009-03-16) http://docs.joomla.org/Global_configuration
Joomla SEO Global Configuration
Setting SEO Friendly settings
- Search Engine Friendly URLs = YES (your ISP’s server must support this)
- User Apache mod_rewrite = YES (your ISP’s server must support this)
- Add suffix to URLs = YES (your ISP’s server must support this)
Joomla 1.5 SEO Patch
Alledia.com is a great resource for Joomla SEO information. Their site is here: http://www.alledia.com One Alledia.com recent post mentions the Joomla SEO Patch. Joomla 1.5 SEO Patch is available for download from oomlaAtWork and helps with METADATA and title settings in the HTML header. The extension can be viewed here
http://extensions.joomla.org/extensions/3778/details
and support from JoomlaAtWork is here
http://www.joomlatwork.com/support.html
SEO How To Articles, Tools and Practical Improvements
Alledia.com
A great search to enter at Alledia are the words global configuration which yield results like:
SEO ARTICLES
- http://www.alledia.com/blog/joomla-news/final-seo-whitepapers-for-joomla-16/
- http://www.alledia.com/blog/joomla-15/top-ten-joomla-seo-improvements/
- http://www.alledia.com/blog/search-engine-optimisation-seo/solve-the-most-common-joomla-seo-problem/
- http://www.alledia.com/blog/search-engine-optimisation-seo/using-the-alias-as-the-page-title-for-joomla-seo/
- more…
JOOMLA URLs and ITEM IDs
- http://www.alledia.com/blog/seo/url-changes-in-joomla-15/
- http://www.alledia.com/blog/joomla-tips-a-tricks/understanding-joomla-urls-and-itemids/
- http://www.alledia.com/blog/joomla-urls/joomla-url-week-part-2-default-sef-urls/
- more…
GOOGLE ANALYTICS ARTICLES
- http://www.alledia.com/blog/joomla-tips-a-tricks/google-analytics-goals-in-joomla/
- http://www.alledia.com/blog/vlogs/video-explaining-google-analytics-funnels-in-joomla/
- more…
FIREFOX SEO PLUGIN
JOOMLA CACHE PLUGIN & SITE SPEED IMPROVEMENTS
- http://www.alledia.com/blog/product-reviews/new-joomla-cache-component/
- http://www.alledia.com/blog/search-engine-optimisation-seo/make-sure-your-joomla-site-runs-fast-part-2/
- more…
JoomlaSEO.net
JoomlaSEO.net also has a series of good articles here
- http://www.joomlaseo.net/Joomla/SEO/Joomla-Sitemap.html
- http://www.joomlaseo.net/Joomla/SEO/Joomla-1.5-Search-Engine-Friendly-URLs.html
- http://www.joomlaseo.net/Joomla/SEO/Joomla-SEO-Patch.html
- http://www.joomlaseo.net/Joomla/SEO/PDF-Duplicate-Content.html
- http://www.joomlaseo.net/Joomla/SEO/Firefox-SEO-Extensions.html
- http://www.joomlaseo.net/Joomla/SEO/Joomla-Meta-tag-Generator-Component.html
- http://www.joomlaseo.net/Joomla/SEO/Joomla-RSS-Feeds.html
- http://www.joomlaseo.net/Joomla/SEO/Underscores-or-dashes.html
- http://www.joomlaseo.net/Joomla/SEO/Search-Engine-Tutorial-For-Joomla.html
- more…
CompassDesigns.net
CompassDesigns is another well know Joomla blog to review. Check them out here
will add more soon….
creating a Joomla site - Installation Day
Posted by Mark Raborn in Joomla on March 17th, 2009
today we’re going to create a Joomla site
We’ll need some tools first. We’re only installing Joomla in this article but since our article series will continue, let’s get our Web Editor and Image editor as well as the File Transfer and Compression Tools we’ll need to get our site up and running. Since I’m using Windows let’s download the following:
- FREE - ZIP compression tool - 7zip - http://www.7-zip.org/
- FREE - FTP tool - FileZilla - http://filezilla-project.org/
- FREE - Web editor - http://www.w3.org/Amaya/
- FREE - Web editor - http://www.net2.com/nvu/
- FREE - Image Editor - GIMP - http://www.gimp.org/
Next we need to download Joomla to our hard drive. We can download the files here
http://www.joomla.org/download.html
It’s available in .zip, tar.giz, and tar.bz2
Next, we must unpack the compressed Joomla files using our .zip utility (7zip). We can then upload them to our site using Filezilla via FTP . Uploading “uncompressed” Joomla files will take some. Please note there are ways of uploading the files in a compressed statle and then unpacking them on your ISP’s server however for simplicities sake right now, we’ll simply unpack them locally and use FTP to upload.
Next, we need to confirm we have an FTP account with our webhost. This may be the same username and password you use to access your ISP account. Many webhost provide tools to create additional FTP usernames which is good for keeping credentials seperate for the different web sites you create.
Now we need to create a database to use with Joomla. Joomla uses MySQL Community Edition which is free and available here http://dev.mysql.com/downloads/ . Many webhosts provide MySQL services and data storage for free. Check with your host and learn more and how to use MySQL tools using their ControlPanel.
Next, using MySQL, create a database for Joomla. You will need to log the following:
- SQL HOSTNAME (the name of the database host at your ISP)
- SQL DATABASE NAME (the name of the new database you created for Joomla)
- SQL USERNAME (your database username)
- SQL PASSWORD (your database password)
Now we should have the following:
- a directory on our webserver with the Joomla files uploaded an unpacked
- and FTP username and password to upload and work with files in Joomla
- a database at our webhost
- the MySQL hostname, database name and user credentials to begin installation
Once these items are in place, we can begin installation of Joomla. Simply go to your web browswer and type the URL (web address) of the location at which you uploaded your Joomla installation files. Once you’ve typed the web address, press enter and the Joomla installation wizard will begin.
To view Joomla’s online installation manual please read http://docs.joomla.org/Beginners#Installation
You can read more about installation and Joomla basics and advanced topics here http://docs.joomla.org
Next article, well take a look at Joomla templates
SBS 2008 series : VPN setup in Small Business Server 2008
Posted by Mark Raborn in VPN on March 8th, 2009
How To Configure a SBS 2008 Virtual Private Network ( VPN )
VPN ( Virtual Private Networks ) are essential vehicles for mobile and home office based employees to gain access to resources on their company internal networks. Included in the software of Small Business Server are the components that also support VPN access. Today’s post is a guide to understanding the setup of up a virtual private network on your Small Business Server as well as an open discussion of some of key aspects of completing that configuration sucessfully.
BTW… our VPN walkthrough for SBS 2003 is here
Remote Access Services ( RRAS ) : using the Windows SBS Console to configure RAS and open TCP port 1723 in Windows Firewall
The first step to granting remote access to mobile or home based workers directly to the internal network is to allow that type of access to occur. In Small Business Server 2008, the process is simple and can be completed using the built in Remote Access wizards. Here’s how:
- Launch Windows SBS Console
- select the Network tab
- select the Connectivity tab
- in the main section, observe the list of connections (their Names, Descriptions and their status)
- in the right hand pane, under Tasks, select Configure a Virtual Private Network
- this will launch the Setup Virtual Private Networking wizard
- select Allow users to connect to the server by using a VPN , click Next
- the system will configure virtual private networking on server and if possible, configure your Internet Router as well.
- These functions functions combine what Small Business Server 2003 accomplished with the CEICW and Remote Access Wizard.
- NOTE: your Firewall and/or Internet Router must have PNP configuration enabled for SBS to configure the Firewall/Internet Router. In many cases it will be necessary to manually configure the router/firewall opening TCP port 1723 for Virtual Private Networking.
- The Setup Virtual Private Networking Wizard will execute at this point configurin VPN on the Server and the Firewall/Internet Router (if possible)
- If the Wizard completes “successfully”, a confirmation is displayed.
- “IF” there are any issues or failures in configuring the VPN or the Firewall/Internet Router, Details on the failure(s) will be linked
- once complete, move on to the Users and Groups and allow VPN access (content below)
HERE ARE A SERIES OF SCREENSHOTS OUTLINING THESE STEPS
Windows SBS Console Small Business Server 2008
SBS Console Configure a Virtual Private Network Small Business Server 2008
Allow Users to connect to the server by using a VPN Small Business Server 2008
Setting up virtual private networking Wizard Small Business Server 2008
The Virtual Private Networking Wizard makes all this look easy (and that’s a good thing unless you like books as much as this writer does ). So that we gain understanding of what accomplished by the wizard, let’s look a little deepr at what VPN Setup wizard is being asked to do:
Virtual Private Networking wizard finished successfully Small Business Server 2008
If any Warnings are present, we should View Warning Details
Warning Details - Server cannot open ports on the router. Manually open port 1723. Small Business Server 2008
What we see here is a reminder to open TCP Port 1723 on our Firewall/Internet Router (i.e. create and Inboud rule passing PPTP traffic). Since our Firewall/Internet Router does not have PNP configuration enabled, we will do this manually later in the article.
Grant SBS 2008 Users permission to remotely access the Small Business Server network
Because Small Business Server takes care of configuring the Routing and Remote Access Service policies for us including which “Security Groups” are allowed VPN access, all that is left for us to do is make sure our VPN users are placed in the appropriate Group.
On Small Business Server 2008 that group is named: Windows SBS Virtual Private Network Users
Group assignment is still entirely wizard based in the new SBS, so being an Admin on the box is still very easy. Here’s how to assign VPN access rights to a User:
- Launch the SBS Console
- Select Users and Groups, then select the Users tab
SBS Console - Users and Groups - User Properties - Small Business Server 2008
- Select the User to whom you wish to assign the right to access the VPN.
- Open the Properties dialog for the User, select Remote Access
- click OK, your done! (and of course… move on to the next User until all users have been granted access)
Remote Access - User can access Virtual Private Network Small Business Server 2008
A quick note about the new Groups in SBS 2008: Small Business Server has become far more granular with it’s permissions in the 2008 release. One aspect of this granularity can be found in the variety of new security Groups. To view these groups, select the Users and Groups [tab] in the WIndows SBS Console.
Groups tab in SBS Console Users and Groups - Small Business Server 2008
We can also view our specific target Group in assigning a User access to the Virtual Private Network: The Windows SBS Virtual Private Networking Users. This SBS specific VPN Group can be seen here in the Windows SBS Console.
Windows SBS Virtual Private Network Users - Small Business Server 2008
Once Remote Access Services have been configured and once Users have been added to the Windows SBS Virtual Private Network Users security group, it’s time to configure the external Firewall and/or Internet Router Firewall.
Configuring the External Hardware Firewall for VPN Virtual Private Network access
Most Small Business Networks deploy a hardware firewall of some sort (or at least enable the firewall in the Internet Router). “How To” configure a hardware firewall varies from device to device so do your homework. You will need to consult the manufacturers resources and owners manual for specifics. In general , the key first step for our VPN is to open TCP port 1723 allowing PPTP Point to Point Tunneling Protocol traffic INBOUND to your SBS Server. The second step is to allowGRE and IPSec passthrough.
STEPS:
- PPTP “FIRST STEP” - TCP Port 1723 must be allowed to pass PPTP traffic INTO your SBS 2003 server. This is accomplished by port mapping traffic from the Firewall to the IP address of the Small Business Server (remember, the new SBS uses only 1 NIC).
- 1 NIC - create an INBOUND rule “port-mapping” TCP Port 1723 to the Local Area Network (LAN) facing Network Interface card - port mapping is generally done when only one network interface is installed on the SBS Server (NOTE: 1 NIC is the default now in SBS 2008). To pass VPN connection requests from a public facing IP, map them to the internal IP of the SBS 2008 Server.
- Your firewall may describe terms such as: PPTP, Port 1723, VPN, Remote Access, etc….
- GRE “SECOND STEP” - GRE Protocol 47 must be allowed to pass traffic also (this allows “Authentication” to occur over PPTP VPN connection once the connection has been made)
… Generic Routing Encapsulation (the GRE Protocol 47) passes IPSec traffic (Internet Protocol Security) for the IPSec session that is part of Client Computer connection process. If the GRE protocol does not pass, the connection cannot “authenticate”. This “Authentication” failure will occur even when PPTP traffic has been allowed by opening TCP Port 1723 (PPTP) on your firewall. GRE issues most often occur client side when a GRE block results in the Username and Password authentication failing to finish the authentication process because of the block. In this case, the VPN connection attempt simply times-out on the client side. This is experienced by the User as a Verifying User name and password dialog (show during the connection process) that just hangs there with the progress bar running on and on.
To pass GRE Protocol 47 on your firewalls (Client side -and- Server side) look for features that:
- enable the “VPN feature” (if one exists)
- enable “IPSec pass through” (if IPSec pass through exists)
- expressly allows the GRE protocol (GRE = Protocol 47)
- explicitly creates Inbound and Outbound rules allowing GRE and IPSec passthrough
- NOTE: you may have to upgrade your Router’s Firmware or your Firewall’s Firmware to enable/access these features on older devices
An explicit Rule (if you have to define one) would take on these objectives:
#PPTP Virtual Private Network
pass protocol tcp, to port 1723 >> state, done
pass protocol 47 >> done
Whatever the case, passing GRE Protocol 47 from inside>out is needed to allow IPSec traffic for your authentication. This is most often a concern for the end user at their home or reote location (meaning not the Server side - BUT ON THE CLIENT SIDE). Many home firewalls may block (and often do block) GRE traffic by default. Please provide these helpful links about GRE and passing Generic Routing Encapsulation traffic to your users.
- Troubleshooting remote access VPNs
- You receive an “Error 721″ error message when you try to establish a VPN connection through your Windows Server-based remote access server
- VPN Tunnels - GRE Protocol 47 Packet Description and Use
Testing a Client VPN Connection and confirming DHCP is assigning VPN IP Addresses
Once your VPN is setup and the Firewall rules established, testing your VPN is the next step. A Client Computer should be used to create a VPN Connection to the SBS 2008 Server and test the SBS 2008 VPN. Workstations have this connectivity built in and making the connection is as easy as using the Network Connection wizard available in both Windows Vista or Windows XP.
Since this article is about the Server side, I want to focus on one particularly “overlooked” aspect of VPN connections…. DHCP.
Earlier in our article (when we described just exactly what the Remote Access Setup Wizard accomplishes) we learned the RAS wizard completes this task:
- Use DHCP to assign IP addresses to remote client computers
The importance of this can be most effectivly communicated with a screenshot of the DHCP management console. This screen shot is taken after VPN connections have been made.
DHCP leases assigned to the Remote Access Service in Small Business Server 2008
Looking at the DHCP console, we can see a series of leases assigned to the Remote Access Service (you can confirm a RAS lease is made just by looking under the Unique ID column for the word RAS ). In viewing DHCP we confirm both the RAS description on Unique ID as well as a different icon (computer with phone) for IP leases from RAS. Realizing then that RAS is handing out IP’s from DHCP , we recognize why the SBS DHCP service is so important to the Client VPN connections made through RAS.
When the Remote Acccess service is properly configured and a remote connection is made the the VPN, the Remote Access service grabs a range of IP addresses from DHCP. These IP’s are reserved for additional VPN clients “immediately” upon the first VPN connection being made. The default number of additional leases requested by RAS (and reserved from DHCP) is 10.
The reason we discuss this here is that Small Business Server 2008 is designed to shut down the DHCP Service “automatically” if it senses another DHCP Server anywhere on the network (routers, wireless routers, DSL modems, Firewalls, etc…). Although this may seem a little “off-topic”, in reality it’s not. In short, if DHCP fails or is disabled on SBS, there is no way for SBS DHCP to provide DHCP leases to RAS.
While most administrators review their network topology and know exactly how DHCP is implemented (some small offices do not). When the LAN has been happily functioning based on DHCP “working somewhere”, it’s not always a big deal. However, being clear on where and how IP’s are handed is very important for your VPN Connections. Not only this, but in some Small Business Server deployments I have been asked to review, DHCP is intentionally given over to the Internet Router so that if there is a Server failure, client computers can still access the internet. While this may be a reasonable solution on some levels (one I do not support BTW), it does negate all the additional DHCP configurations that are made or customized by the SBS DHCP Server. Failing to use the SBS DHCP Service in this case can lead to incorrect scope options, proper DNS Server not being defined, entires in SBS DNS never being seen by the network, and so on.
The key point for our article is this, if the DHCP Service has been assigned to an Internet Router or some other device in your network, the Remote Access Service may not be able to provide (or authorized to request) DHCP address to client computers making VPN connections.
A properly configured VPN that can appropriately access DHCP on Small Business Server 2008 will effectivvely provide DHCP leases to both client computers on the LAN and remote access computers connecting on the VPN.
To see this in it’s VPN form, let’s take a look at this sample IP Configuration from a client computer which has connected to a SBS VPN. In this Configuration please note there are two IP leases that have been made.
- one using the PPP WIGITAL VPN Connection
- note the ourcompany.pri Domain (provided by DHCP on the SBS 2008 Server)
- note the 10.13.15.x subnet (provided by DHCP on the SBS 2008 Server)
- one using the Wireless Network Connection
- note the my.homenetwork.local Domain (provided by the home network Wireless Service Set)
- note the 192.168.1.x subnet (provided by the home network Wireless Service Set)
To view this data: from the computer connected to the VPN, go to Start, Run, type CMD, at the command line type IPCONFIG /ALL
Windows IP Configuration
Host Name . . . . . . . . . . . . : my-mackbookpro
Primary Dns Suffix . . . . . . . : ourcompany.pri
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ourcompany.pri
my.homenetwork.localPPP adapter WIGITAL VPN Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WIGITAL VPN Connection
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.13.15.18(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 10.13.15.1
Primary WINS Server . . . . . . . : 10.13.15.1
NetBIOS over Tcpip. . . . . . . . : EnabledEthernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8058 PCI-E Gigabit Ethernet
net Controller
Physical Address. . . . . . . . . : 00-2F-F3-D0-EE-93
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : YesWireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : my.homenetwork.local
Description . . . . . . . . . . . : Brodcom 802.11n Network Adapter
Physical Address. . . . . . . . . : 00-2F-6B-CC-37-2C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b81a:ccdf:b0b4:254d%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.46(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, March 08, 2009 7:34:16 PM
Lease Expires . . . . . . . . . . : Monday, March 09, 2009 7:34:18 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Reviewing the IPCONFIG DATA should give us all ample reminder to check out DHCP, confirm DHCP is providing leases to the Remote Access Server and work with our client connections to make sure those leases are being handed out properly.
That concludes our article.
Thanks for reading. Please comment for the community. If this information has helped you, please link back here. It helps us as well as others who may need the information.
Thank you.
Mark Raborn
WIGITAL
PS…
| Note | |
| It is recommended that you set up a VPN only if Remote Web Workplace does not meet the needs of your organization. While Remote Web Workplace provides remote access to several network resources, some line-of-business applications require the computer to be connected to the network. For these scenarios, you can use a Virtual Private Network. For information about setting up Remote Web Workplace on Windows SBS 2008, see the Microsoft Web site ( http://go.microsoft.com/fwlink/?LinkId=105270 ). |
more
VPN Guide to Small Business Server 2003
Posted by Mark Raborn in VPN on March 8th, 2009
Small Business Owners sometimes need their employees to access network resources from outside the office. One of the tools well suited to provide a Virtual Private Network connection to a company’s internal resources is Small Business Server 2003. Today’s article is about “How to Setup a VPN” ( Virtual Private Network) on SBS 2003 using the built in CEICW and RAS Wizards. We will also visit the Routing and Remote Access Service console in SBS 2003 (just a little bit) to see how access is granted and where current connections can be monitored.
BTW… our VPN walkthrough for SBS 2008 is here
How to configure a SBS 2003 VPN Server
Connect to Internet and open TCP port 1723 in RRAS Routing and Remote Access using the SBS 2003 CEICW
(NOTE: the default port for PPTP is TCP 1723)
- launch Server Management
- from the Home Page, select Internet and Email
- from the links in Manage Internet and Email, select Configure Remote Access
- this will launch the Configure Email and Internet Connection Wizard
- click Next and move through the configuration screens until you reach the Firewall configuration screen
- select ( ) Enable Firewall, click Next
- check the box [ ] Virtual Private Network, click Next
- click Next and move through the configuration screens until you reach the final Completing the CEICW configuration screen and click Finish
Manage Internet and Email SBS 2003
CEICW Configure Email and Internet Connection Wizard SBS 2003
Firewall - CEICW Configure Email and Internet Connection Wizard SBS 2003
Services - Virtual Private Network SBS 2003
Completing CEICW SBS 2003
completed successfully CEICW SBS 2003
At this point the CEICW wizard has gathered the fields and parameters necessary to execute our selections. Most importantly for this walkthrough, CEICW configures the RRAS (Routing and Remote Access Service) for our VPN. This opens the firewall TCP port 1723 which is the default port for PPTP VPN traffic in Windows Server. The CEICW also opens other ports based on our selections for all services that the wizard has configured.
The next step (now that TCP Port 1723 is open), is to enable and configure the Remote Access Services (RAS).
Enable Remote Access and VPN from the SBS 2003 To Do List
- launch Server Management
- select the To Do List
- in the To Do List, select (3) Configure Remote Access
- this will launch the Remote Access Wizard ,click Next
- select ( ) Enable remote access
- select the check box [ ] VPN access
- if needed, select the check box [ ] Dial-in access
- enter the VPN Server Name and click Next
- at the Completing the Remote Access Wizard screen, click Finish
To Do List - Configure RAS SBS 2003
Remote Access Wizard SBS 2003
Remote Access Method SBS 2003
VPN Server Name SBS 2003
Completing Remote Access Wizard SBS 2003
I consider this final page of the SBS 2003 Remote Access Wizard (directly above) a little gem for the Administrator. It’s helpful because it provides details informing us of what is about to occur:
- Enable virtual private networking (VPN)
- Create packet filters for Point-to-Point Tunneling Protocol (PPTP)
- Enable Point-to-Point Tunneling Protocol (PPTP) to pass through the firewall (NOTE: this step already completed using CEICW)
- Use DHCP to assign IP addresses to remote client computers
- Create the Client Connection Manager configuration file, which is used to configure remote access settings on remote client computers.
- Configure the remote access policy to allow members of the Mobile Users group to use remote access.
- Mobile client computers, such as laptops, that are currently connected to the local network can now be configured with the connection settings. Do this by running the Setup Computer Wizard and selecting the option to install Connection Manager.
- Remote client computers not currently connected to the local network can download Connection Manager from the Remote Web Workplace Web site at https://vpn.ourcompany.com/remote. Alternatively, you can create a remote connection disk. You can then use the disk to configure the remote client computer to connect to the local network.
Remote Access Configuration successful SBS 2003
Understanding where Remote Access Service lives in Small Business Server 2003
The Remote Access Service can be viewed by launching the Microsoft console for Routing and Remote Access Management (RRASMGMT.msc) from the Administrative Tools of Windows Server.
- GO TO Start menu
- hover over Administrative Tools and then select Routing and Remote Access
- the RRASMGMT.msc will launch
Routing and Remote Access Service SBS 2003
Among thenodes for Network Interfaces, Ports, and IP Routing are Remote Access Clients, Remote Access Policies and Remote Access Logging. It is here where the Remote Access Wizard has configured RAS to permit your Client Workstations and Client Laptops to connect to your VPN. Becoming familiar with the RRASMGMT console is important when managing, troubleshooting, and maintaining Remote Access to your server.
RRAS - Remote Access Policies SBS 2003
By looking at Remote Access Policies, we can see the RAS Wizard has created a Small Business Remote Access Policy (a set of rules to govern the connection - such as “who” can connect)
RRAS - Small Business Remote Access Policy SBS 2003
The Small Business Remote Access Policy Properties dialog box displays which Windows Groups must match the policy to be allowed access to the VPN. In this case, it is the SBS Mobile Users Group. Therefore, whatever users you intend to have access to the SBS 2003 VPN must have membership in the SBS Mobile Users Group.
RRAS - Remote Access Policy properties SBS 2003
Opening this Policy entry confirms that in Small Business Server 2003, there is only one Group by default that is granted access by the RAS Wizard. Adding users to this group is easy. As an administrator, access the Users tools in the SBS Server Management console. Any user may be granted VPN Access by giving them membership in the Mobile Users Security Group. (NOTE: Power Users Security Group, or Administrators Security Group also have access).
SBS Default User Templates are:
- Users Template
- Mobile Users Template (includes membership in the SBS Mobile Users Group)
- Power Users Template
- Administrator Users Template
The SBS Mobile Users is sufficient as Power Users and Administators obviously have additional access permissions.
RRAS - Groups in Remote Access Policy SBS 2003
To read more about RAS and Routing and Remote Access in Small Business Server, please read the Elements of a remote access policy section of the Remote Access Help.
HELP - Remote Access Policy Help SBS 2003
Configuring the External Hardware Firewall for VPN Virtual Private Network access
Once the CEICW and RAS wizards have been properly run on the Small Business Server, the next step is configuring the hardware or “external” FIREWALL.
Most Small Business Networks deploy a hardware firewall of some sort (or at least enable the firewall in the Internet Router). How to configure a hardware firewall will vary from device to device. The key first step is to open the TCP port 1723 to pass PPTP Point to Point Tunneling Protocol traffic INBOUND to your SBS Server. Please read your firewall documentation to confirm your methods.
Key points include:
- PPTP “FIRST” - TCP Port 1723 must be allowed to pass PPTP traffic INTO your SBS 2003 server. This is accomplished in two ways depending on the number of Network Interface Cards installed on the SBS server.
- 2 NICs - create an INBOUND rule passing TCP Port 1723 to the Wide Area Network (WAN) facing Network Interface card installed on the SBS Server. This routes an Internet request to a special NIC uses specifically to harden access to the SBS Server (SBS 2 NIC scenario).
- 1 NIC - create an INBOUND rule “port-mapping” TCP Port 1723 to the Local Area Network (LAN) facing Network Interface card - port mapping is generally done when only one network interface is installed on the SBS Server and an outside IP address must be “mapped” to an internal LAN IP address. This routes a request from the Internet directly to a Local Network IP inside your network for the SBS Server (SBS 1 NIC scenario).
- Your firewall may describe these terms: PPTP, Port 1723, VPN, Remote Access, etc….
- GRE “SECOND but not least important” - GRE Protocol 47 must be allowed to pass traffic also (this allows “Authentication” to occur over PPTP VPN connection once the connection has been made)
… Generic Routing Encapsulation (the GRE Protocol 47) passes IPSec traffic (Internet Protocol Security) for the IPSec session that is part of Client Computer connection process. If the GRE protocol does not pass, the connection cannot “authenticate”. This “Authentication” failure will occur even when PPTP traffic has been allowed by opening TCP Port 1723 (PPTP) on your firewall. GRE issues most often occur client side when a GRE block results in the Username and Password authentication failing to process because of the block. In this case, the VPN connection simply times-out on the client side. This is experienced by the User as a Verifying User name and password dialog (show during the connection process) that just hangs there with the progress bar running on and on.
To pass GRE Protocol 47 on your firewalls (Client side -and- Server side) look for features that:
- enable the “VPN feature” (if one exists)
- enable “IPSec pass through” (if a simple IPSec pass through exists)
- expressly allow the GRE protocol (GRE = Protocol 47)
- explicitly create Inbound and Outbound rules allowing GRE and IPSec passthrough
- NOTE: you may have to upgrade your Router’s Firmware or your Firewall’s Firmware to enable/access these features on older devices
An explicit Rule (if you have to define one) would take on these objectives:
#PPTP Virtual Private Network
pass protocol tcp, to port 1723 >> state, done
pass protocol 47 >> done
Whatever the case, passing GRE Protocol 47 from inside>out is needed to allow IPSec traffic for your authentication. This is most often a concern for the end user (NOT THE SERVER SIDE - BUT ON THE CLIENT SIDE) in that their home firewalls may block and often block GRE traffic by default. Please provide these helpful links about GRE and passing Generic Routing Encapsulation traffic to your users.
- Troubleshooting remote access VPNs
- You receive an “Error 721″ error message when you try to establish a VPN connection through your Windows Server-based remote access server
- VPN Tunnels - GRE Protocol 47 Packet Description and Use
Connect Client Workstations to the Small Business Server 2003 VPN Virtual Private Network
For administrators it should be clearly understood: Clients that frequently connect to a VPN “should be JOINED” to the Domain. This includes users who work at home, mobile sales people (laptop users), etc… Joining COMPUTERS to the Domain achieves a fundamental goal (improving security) by enabling the Domain to authenticate the “computers” as well as the users. Verifying COMPUTER ACCOUNTS provides a 2nd additional form of identity and therefore an additional layer of security. Joining computers to the Domain happily also makes accessing domain resources much easier.
In Small Business Server specifically, special consideration must be given to the “way users are joined to the SBS domain”. Small Business Server primarily uses the connectcomputer wizard. This must be taken into account for VPN users when first establishing their connections to SBS as the SBS Network Configuration Wizard (i.e. connectcomputer wizard) cannot be invoked “over the internet”. Machines therefore, intended for VPN use, should be brought into the corporate office if at all possible.
Note, a manual join over the internet can be achieved “IF” the user has the Join Workstations to Domain User Right or if the Administrator has previously created the COMPUTER ACCOUNT on SBS.
The two solutions are:
- CONNECTCOMPUTER WIZARD: Bring Client Computer to the Office. Use CONNECTCOMPUTER wizard in SBS 2003. Join computers intended for VPN connectivity to the Domain while connected to the SBS LAN. It is really best (and simplest) to plug-in directly to the internal network (and the Small Business Server) prior joining workstations/laptops
- In this scenario the COMPUTER is connected to the LAN and the connectcomputer wizard is accessed using Internet Explorer and typing http://connectcomputer.
- Once joined, the computer(s) can be relocated offsite, placed in a remote offices, secured for mobile use, etc….
- NOTE: this provides the added benefit of also being able to distribute applications, scripts and policies right away throug your network via Group Policy.
- MANUAL JOIN: VPN computers can be manually joined to the domain by adding the COMPUTER account using traditional manual methods
- Administrators can first “manually add” the COMPUTER account on SBS Server (this is done in advance of a User connecting to the VPN). The User then connects to the VPN and then JOINs the machine to the Domain the first time. The Users must already be a member of the SBS Mobile Users Group to connect to the VPN. In this scenario the Users logs on to VPN - and then - using the computers System dialog, changes the DOMAIN NAME and the COMPUTER NAME to the Name created manually by the Administrator. This will JOIN the workstation to the domain
- End Users can also JOIN a computer to the domain if they are granted the Join Workstations to Domain User Right. The Users must already be a member of the SBS Mobile Users Group to connect to the VPN. In this scenario the Users logon to the VPN first - and then - using the computers System dialog, change the COMPUTER NAME themselves and JOIN the workstation to the domain themselves. End Users must be given the Join Workstations to Domain User Right to JOIN workstations outright with Administrator help (NOTE: this user right can be granted temporarily).
EXAMPLE - HOW TO CHANGE COMPUTER NAME AND DOMAIN NAME AND “JOIN A DOMAIN” FROM A REMOTE SITE (for your Mobile/Remote Users)
- Open the System tool in Control Panel
- ON WIndows XP and Windows Server 2003 clients, click the Computer Name tab and then click Change
- ON Windows 2000 clients, click the Network Identification tab and then click Properties
- enter the Computer Name provided by the administrator
- click OK confirm the settings
- restart the computer
- logon to the computer
- Connect to the SBS network using a VPN connection
- Open the System tool in Control Panel
- ON WIndows XP and Windows Server 2003 clients, click the Computer Name tab and then click Change
- ON Windows 2000 clients, click the Network Identification tab and then click Properties
- sele in the Member of section ct the radio button ( ) Domain:
- in the Domain: field, enter the name of your DOMAIN
- NOTE: the computer name should already have been changed correctly in the previous step (this is done in a 2 step process with a restart because I’ve seen failures numerous times on SBS if the COMPUTERNAME is not already configured when JOINING the network)
- click OK, click OK, restart the Computer
Testing a Client VPN Connection and confirming DHCP is assigning VPN IP Addresses
Once your VPN is setup and the Firewall rules established, testing your VPN is the next step. A Client Computer should be used to create a VPN Connection to the SBS 2003 Server and test the SBS 2003 VPN. Workstations have this connectivity built in and making the connection is as easy as using the Network Connection wizard available in both Windows Vista or Windows XP.
Since this article is about the Server side, I want to focus on one particularly “overlooked” aspect of VPN connections…. DHCP.
Earlier in our article (when we described just exactly what the Remote Access Setup Wizard accomplishes) we learned the RAS wizard completes this task:
- Use DHCP to assign IP addresses to remote client computers
The importance of this can be most effectivly communicated with a screenshot of the DHCP management console. This screen shot is taken after VPN connections have been made.
DHCP management console with Remote Access Services leases Small Business Server 2003
Looking at the DHCP console, we can see a series of leases assigned to the Remote Access Service (you can confirm a RAS lease is made just by looking under the Unique ID column for the word RAS ). In viewing DHCP we confirm both the RAS description on Unique ID as well as a different icon (computer with phone) for IP leases from RAS. Realizing then that RAS is handing out IP’s from DHCP , we recognize why the SBS DHCP service is so important to the Client VPN connections made through RAS.
When the Remote Acccess service is properly configured and a remote connection is made the the VPN, the Remote Access service grabs a range of IP addresses from DHCP. These IP’s are reserved for additional VPN clients “immediately” upon the first VPN connection being made. The default number of additional leases requested by RAS (and reserved from DHCP) is 10.
The reason we discuss this here is that Small Business Server 2008 is designed to shut down the DHCP Service “automatically” if it senses another DHCP Server anywhere on the network (routers, wireless routers, DSL modems, Firewalls, etc…). Although this may seem a little “off-topic”, in reality it’s not. In short, if DHCP fails or is disabled on SBS, there is no way for SBS DHCP to provide DHCP leases to RAS.
While most administrators review their network topology and know exactly how DHCP is implemented (some small offices do not). When the LAN has been happily functioning based on DHCP “working somewhere”, it’s not always a big deal. However, being clear on where and how IP’s are handed is very important for your VPN Connections. Not only this, but in some Small Business Server deployments I have been asked to review, DHCP is intentionally given over to the Internet Router so that if there is a Server failure, client computers can still access the internet. While this may be a reasonable solution on some levels (one I do not support BTW), it does negate all the additional DHCP configurations that are made or customized by the SBS DHCP Server. Failing to use the SBS DHCP Service in this case can lead to incorrect scope options, proper DNS Server not being defined, entires in SBS DNS never being seen by the network, and so on.
The key point for our article is this, if the DHCP Service has been assigned to an Internet Router or some other device in your network, the Remote Access Service may not be able to provide (or authorized to request) DHCP address to client computers making VPN connections.
A properly configured VPN that can appropriately access DHCP on Small Business Server 2008 will effectivvely provide DHCP leases to both client computers on the LAN and remote access computers connecting on the VPN.
To see this in it’s VPN form, let’s take a look at this sample IP Configuration from a client computer which has connected to a SBS VPN. In this Configuration please note there are two IP leases that have been made.
- one using the PPP WIGITAL VPN Connection
- note the ourcompany.pri Domain (provided by DHCP on the SBS 2008 Server)
- note the 10.13.15.x subnet (provided by DHCP on the SBS 2008 Server)
- one using the Wireless Network Connection
- note the my.homenetwork.local Domain (provided by the home network Wireless Service Set)
- note the 192.168.1.x subnet (provided by the home network Wireless Service Set)
To view this data: from the computer connected to the VPN, go to Start, Run, type CMD, at the command line type IPCONFIG /ALL
Windows IP Configuration
Host Name . . . . . . . . . . . . : my-mackbookpro
Primary Dns Suffix . . . . . . . : ourcompany.pri
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ourcompany.pri
my.homenetwork.localPPP adapter WIGITAL VPN Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WIGITAL VPN Connection
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.13.15.18(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 10.13.15.1
Primary WINS Server . . . . . . . : 10.13.15.1
NetBIOS over Tcpip. . . . . . . . : EnabledEthernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8058 PCI-E Gigabit Ethernet
net Controller
Physical Address. . . . . . . . . : 00-2F-F3-D0-EE-93
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : YesWireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : my.homenetwork.local
Description . . . . . . . . . . . : Brodcom 802.11n Network Adapter
Physical Address. . . . . . . . . : 00-2F-6B-CC-37-2C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b81a:ccdf:b0b4:254d%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.46(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, March 08, 2009 7:34:16 PM
Lease Expires . . . . . . . . . . : Monday, March 09, 2009 7:34:18 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Reviewing the IPCONFIG DATA should give us all ample reminder to check out DHCP, confirm DHCP is providing leases to the Remote Access Server and work with our client connections to make sure those leases are being handed out properly.
That concludes our article.
Thanks for reading. Please comment for the community. If this information has helped you, please link back here. It helps us as well as others who may need the information.
Thank you.
Mark Raborn
WIGITAL