Microsoft Study Bible

November 25, 2009

SQL Server Compact on Windows 7 x 64-bit

Today, when I used Visual Studio 2008 to develop a simple SQL Server Compact 3.1 application on the Windows x64 platform, it threw the following exception:

Message: “An attempt was made to load a program with an incorrect format. (Exception from HRESULT: 0x8007000B)”

StackTrace:

  System.BadImageFormatException: An attempt was made to load a program with an incorrect format. (Exception from HRESULT: 0x8007000B)

  at System.Data.SqlServerCe.NativeMethods.CreateErrorInstance(IntPtr& pError)

  at System.Data.SqlServerCe.SqlCeCommand..ctor()

at WindowsApplication1.NorthwindDataSetTableAdapters.EmployeesTableAdapter.InitAdapter() in D:\Documents\Visual Studio 2005\Projects\WindowsApplication1\WindowsApplication1\NorthwindDataSet.Designer.cs:line 6400

at WindowsApplication1.NorthwindDataSetTableAdapters.EmployeesTableAdapter.get_Adapter() in D:\Documents\Visual Studio 2005\Projects\WindowsApplication1\WindowsApplication1\NorthwindDataSet.Designer.cs:line 6324

at WindowsApplication1.NorthwindDataSetTableAdapters.EmployeesTableAdapter.Fill(EmployeesDataTable dataTable) in D:\Documents\Visual Studio 2005\Projects\WindowsApplication1\WindowsApplication1\NorthwindDataSet.Designer.cs:line 6607

at WindowsApplication1.Form1.Form1_Load(Object sender, EventArgs e) in D:\Documents\Visual Studio 2005\Projects\WindowsApplication1\WindowsApplication1\Form1.cs:line 29 

at System.Windows.Forms.Form.OnLoad(EventArgs e)

at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)

at System.Windows.Forms.Control.CreateControl()

at System.Windows.Forms.Control.WmShowWindow(Message& m)

at System.Windows.Forms.Control.WndProc(Message& m)

at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)

at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

Think about it carefully. Only SQL Server Compact 3.5 SP1 can support the Windows 7 x64 platform; SQL Server Compact 3.1 and 3.5 should run only in WOW64 mode. WOW64 is an emulation layer that allows 32-bit applications to run on a 64-bit platform, so to the application it seems that it is running on a 32-bit platform.

This problem is common on the Internet. Generally speaking, the answer is to install the 64-bit edition of SQL Server Compact 3.5 SP1. However, what I need to resolve is SQL Server Compact 3.1. What should we do?

It is very simple. “Any CPU” is the default target platform for the projects that Visual Studio 2005/2008 creates. With “Any CPU”, the program runs as a 64-bit process on x64 Windows and cannot load the 32-bit native SQL Server Compact DLLs, which is what the BadImageFormatException reports. We just change the target platform to “x86”, so the compiled program will run in WOW64 mode.

October 30, 2009

The fighting between Microsoft and Open source.

Filed under: Windows — Jackson @ 5:01 am

For many years, the fight between the open source movement and Microsoft has been almost a religious war. The firepower of both parties. Microsoft boss Steve Ballmer considers the open source movement “a cancer”, while the Linux founder Linus Torvalds once hinted that he could destroy Microsoft as easily as blowing off dust. Recently, Mitch Kapor, the founder of Lotus and president of the Mozilla Foundation, said he thinks the war between Microsoft and open source software has ended, because the resistance of Microsoft and its followers is too weak to withstand competition or attack.

Although Firefox has been considered a great achievement, Kapor warned that it is in fact not the best example to show that the open source movement has won. Instead, he thinks the movement’s main achievement is one that people do not see: the systems that support the network itself. He said that, historically, Mozilla and Firefox were never taken as a “possible” example, and that the success of open source lies in the back-end network, the invisible part that users cannot see.

October 28, 2009

Linus Torvalds gives a thumbs-up to Windows 7

Filed under: Windows — Jackson @ 5:34 am

The release of Windows 7 threw a rock into the operating system market and made a big splash. In particular, Microsoft’s rivals have had different attitudes to it. Apple once claimed that it is a good opportunity for Apple to snatch PC users, and a few days ago said it would provide official support for Windows 7 through its Boot Camp software.

Although the other important rival, Linux, has not declared its opinion of Windows 7, the father of Linux, Linus Torvalds, gave Windows 7 a thumbs-up. When Torvalds attended a seminar and exhibition held in Japan, Microsoft was holding a large-scale publicity event right by the conference center. During a break in the meeting, Torvalds was pulled across the street to “make fun of Microsoft”. Unexpectedly, Linus Torvalds gave a thumbs-up, and a photo was taken of it. This picture will go down in history forever.


October 16, 2009

How to perform operations on a library with managed code

In the previous articles, we discussed how to use the Shell API to manipulate a library with unmanaged code.

So, what about managed code?

To show how to manipulate a library with managed code, we create a console application written in Visual C#, and then add references to Microsoft.WindowsAPICodePack.dll and Microsoft.WindowsAPICodePack.Shell.dll to the project. Now we can use the ShellLibrary object.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
// Namespace in which ShellLibrary is located
using Microsoft.WindowsAPICodePack.Shell;

namespace LibraryDemoCS
{
    class Program
    {
        static void Main(string[] args)
        {
            // Define the name of the library and the path of the folder to add
            string strLibName = "MyLib";
            string strFolderPath = @"C:\";

            // Create the library and add the folder.
            using (ShellLibrary library = new ShellLibrary(strLibName, true))
            {
                library.Add(strFolderPath);
            }

            // Load the library that already exists and operate on it.
            using (ShellLibrary lib = ShellLibrary.Load("MyLib", false))
            {
                // Add a new folder
                lib.Add(@"D:\");

                // Set properties
                lib.IsPinnedToNavigationPane = true;
                string strDefSaveFolder = @"D:\";

                // Set the default folder in which files are saved.
                lib.DefaultSaveFolder = strDefSaveFolder;

                // Traverse the folders in the library in a loop,
                // and find and display the default save folder.
                foreach (ShellFolder folder in lib)
                {
                    Console.WriteLine("\t\t{0} {1}", folder.Name,
                        strDefSaveFolder == folder.ParsingName ? "DefSaveFolder" : "");
                }
            }
            Console.Read();
        }
    }
}

In this code, we used the ShellLibrary object in the Windows API Code Pack to manipulate the library: to create the library, add folders, set properties, traverse the folders that the library manages, and so on. From the example, we can see that it is easier and more flexible to use managed code than unmanaged code.

How to manipulate the library with unmanaged code?

We can use the library Shell API in Windows 7 and unmanaged code to manage libraries. When downloading software, we often use folders to classify different kinds of resources. For example, in such software, the downloaded resources are organized under “All downloads”. In fact, those resources could be stored in different directories and partitions on your hard disk. To make it more convenient to access all of those resources from Windows Explorer, we need to create a “MyDownload” library that corresponds to the classification used by “All downloads” and manages all of the downloaded resources.

To better show how to manipulate the library with the Shell API, we create a simple console application with Visual C++. In the main function, we create the library and operate on it.

#include "stdafx.h"
// Required header files
#include <shobjidl.h>     // Shell API (IShellLibrary)
#include <objbase.h>      // IID_PPV_ARGS macro
#include <Knownfolders.h> // FOLDERID_* definitions

int _tmain(int argc, _TCHAR* argv[])
{
    // COM initialization
    CoInitialize(NULL);

    // Use the Shell API to create a library
    IShellLibrary *pIShelLibrary = NULL;
    HRESULT hr = SHCreateLibrary(IID_PPV_ARGS(&pIShelLibrary));
    if (SUCCEEDED(hr))
    {
        // If the library was created successfully, add the folder paths to it.
        IShellItem *pIShellItem = NULL;
        SHAddFolderPathToLibrary(pIShelLibrary, L"C:\\Users\\Public\\Pictures");
        SHAddFolderPathToLibrary(pIShelLibrary, L"C:\\Users\\Public\\Music");
        SHAddFolderPathToLibrary(pIShelLibrary, L"D:\\Tools");
        SHAddFolderPathToLibrary(pIShelLibrary, L"D:\\Video");

        // Store the current library in the system's Libraries directory,
        // that is to say, add a new library named MyDownload.
        hr = pIShelLibrary->SaveInKnownFolder(FOLDERID_Libraries,
            L"MyDownload",
            LSF_MAKEUNIQUENAME,
            &pIShellItem);

        // Release the objects. pIShellItem is only valid if the save succeeded.
        if (SUCCEEDED(hr))
            pIShellItem->Release();
        pIShelLibrary->Release();
    }

    // Release COM
    ::CoUninitialize();
    return 0;
}

 

In this code, we first include the header files that the Shell API requires. Then, in the main function, because these APIs are all based on COM, we first initialize COM. After initialization, we can operate on libraries through the Shell API. In the code example, we create a new library object with the SHCreateLibrary function and use the SHAddFolderPathToLibrary function to add paths on the hard disk to the library, that is, to use the library to manage the files under these paths. Afterwards, we save the library into FOLDERID_Libraries, that is, we create a new library definition file under this directory. Finally, we need to release the COM objects. After the above steps, we can see the new library in the file browser.

October 14, 2009

How to make IIS 6.0 more secure? (part 2)

Filed under: Developer tools and applications, Windows — Jackson @ 4:43 am

6. Make Good Use of Web Service Extensions in IIS 6.0

 

Web Service Extensions in IIS 6.0 is a mighty ally in the fight for security. This feature prevents executable content from being delivered unless it is explicitly allowed by full path name. By default, IIS 6.0 will not deliver any executable content! This means that if you want to allow ASP to run you must configure Web Service Extensions to permit ASP.dll to execute. As a result, even if you granted a Web site the NTFS permission of Everyone—Full Control, and an attacker placed an executable in the Web site, they still could not run the executable from a URL. A 404—File not Found error would be returned. Figure 3 shows the default configuration that allows only static content to be delivered.

 


Figure 3  IIS Manager

This feature can be disabled by electing to allow “All Unknown ISAPI” and “All Unknown CGI”. You may find yourself doing this when troubleshooting in order to remove potential problems. You will also find that developers who use IIS 6.0 will disable this feature as it can be quite annoying to have your most recent executables blocked every time you create a new one. This may be fine for your developers, but it is not fine on your production server.

 

 

7. Use Host Headers

 

This one surprises most administrators, but I recommend using host headers on your public-facing Web sites, even if you don’t need them. A host header is the HOST field that is part of the HTTP request sent from the client when contacting IIS. This field is required as part of the HTTP 1.1 specification. When you assign a host header to a site, the site must be accessed by the name entered in the host header field.

 

For example, if I assign contoso.com to a Web site’s host header field, then the user must type in http://contoso.com (which, of course, must resolve to the correct IP address) in order to connect to the server. If they type in http://www.contoso.com, the connection will fail. As a result, in the Advanced Configuration you should enter every name for which you have DNS configured to resolve to the IP address of the server.

 

I know you’re wondering why you should bother. The most aggressive and famous attacks in Internet history have all succeeded by finding servers to infect through some automated IP address scanning process. If you use host headers, your Web sites will not respond to an IP address. In other words, the Web site Contoso.com is always available when using Contoso.com or www.contoso.com, but if you use http://192.168.1.1 (the IP address of contoso.com) the connection is refused because the IP address does not match the host headers you entered for the site.

 

In this way, any future worms using an IP address scanning engine will miss you completely. This will not interfere with SSL as long as you have a unique IP address for each Web site.
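A simplified model of the host-header matching described in this section, as an added example that is not part of the original article and is not IIS code. The binding lists, function names and sample values are assumptions made for illustration.

```python
"""Added example: a simplified model of how host-header bindings decide which
requests a site answers. Not IIS code; names and structures are illustrative."""
import ipaddress

# Each binding is (site name, host header value); "" means no host header set.
# Both configurations are constructed for illustration.
NO_HOST_HEADER = [("Contoso", "")]
WITH_HOST_HEADERS = [("Contoso", "contoso.com"), ("Contoso", "www.contoso.com")]


def normalize_host(host_header):
    """Lower-case the Host field and strip any port and trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:               # name:port or IPv4:port
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def is_ip_literal(host):
    """True if the normalized host is an IPv4 or IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def select_site(bindings, host_header):
    """Return the site that answers the request, or None if nothing matches."""
    host = normalize_host(host_header)
    fallback = None
    for site, value in bindings:
        if value and value.lower() == host:
            return site                      # exact host header match wins
        if not value:
            fallback = site                  # blank host header accepts any Host
    return fallback


def answers_ip_probe(bindings, server_ip):
    """True if a request addressed by bare IP address reaches any site."""
    return select_site(bindings, server_ip) is not None


def unlisted_names(bindings, dns_names):
    """DNS names that resolve to the server but have no matching binding."""
    return [name for name in dns_names if select_site(bindings, name) is None]


def ip_addressed(hosts):
    """From logged Host values, keep the ones that used an IP literal."""
    return [h for h in hosts if is_ip_literal(normalize_host(h))]


if __name__ == "__main__":
    print("no host header, IP probe answered:",
          answers_ip_probe(NO_HOST_HEADER, "192.168.1.1"))
    print("host headers set, IP probe answered:",
          answers_ip_probe(WITH_HOST_HEADERS, "192.168.1.1"))
    print("names still missing a binding:",
          unlisted_names([("Contoso", "contoso.com")],
                         ["contoso.com", "www.contoso.com"]))
```

Running `unlisted_names` against the full list of DNS names before enabling host headers shows which names would stop working, which is the reason to enter every name in the Advanced Configuration.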

 

 

8. Scrub Your Apps

 

I’d be remiss if I did not point out that the most likely point of attack on IIS these days is not the server itself, but the applications you host. After you’ve tightened up your server and you are successfully channeling all the untrusted traffic to port 80 on your Web server, you may still be hosting exploitable applications, in which case you’ve got a different kind of problem. This is not one that administrators can do much about. It would be a good idea, however, to check on your software design policy and be certain that it contains this directive: all user input is considered bad or malicious. This means that your applications must enforce validation of every entry in every form, every request to a service, and any other way the user has of entering content into the application. An attacker will try to enter all kinds of content into every field of an application to see what happens. A persistent hacker will not miss any of them, so you can’t either.

 

 

 

9. Keep Your Server Updated

 

Of course you must keep your server current with the latest updates for Windows Server 2003 as well as those for any other apps. The good news is that, as of this writing, IIS 6.0 has required zero critical security updates since it was released. This is an outstanding record that Microsoft is proud of and intends to continue. For more best practices, see “Checklist: Securing Your Web Server”.  

This article from:

http://blog.csdn.net/yjz0065/archive/2006/08/02/1011222.aspx

October 12, 2009

How to improve IIS security? (part 1)

Filed under: Server technologies, Windows — Jackson @ 9:21 pm

Securing your IIS 6.0 installation  is an important task. The amount of work required can vary greatly depending on the complexity of your application as well as your infrastructure and how these combine with your need to secure content.

 

Too often, Web server security is seen as merely a series of steps taken to tighten access to the server. But at Microsoft, the policy is to implement defense-in-depth. This begins with an actual written policy that describes the actions to take should you be hacked. Securing your IIS installation is just one of several tactics, but it is an important one. In this column, I’ll cover nine important steps you can take to get a lot of security improvements with little impact on your applications, administration tasks, or Web server. Keep in mind that these tips are based on my experience and not necessarily Microsoft practice. 

1. Place your content on a non-system drive 

Let’s say your Web site files are stored at C:\inetpub\wwwroot. IIS receives a request for http://website/../../. What folder is IIS going to deliver from? In this case, it’s the root of the C drive, as “..” is a valid file system command that says move up one directory level (this is sometimes referred to as the parent path as it represents a path of the parent folder without knowing the actual name).

 

This is no different than opening a command window in the same folder and typing “cd..”. As a result, the URL http://website/../../winnt/system32/cmd.exe is often found in IIS log files. This attack will fail when using the latest versions of Internet Explorer® as they will not permit “..” in a URL, but attackers will use other HTTP clients to try to circumvent this failsafe. Of course, IIS 6.0 also includes protections against this sort of attack. IIS will utilize a canonicalization routine to map the URL back to the intended file to ensure that the user does not leave the root path of the site. Nevertheless, placing Web content on a non-system drive is an extra safeguard you can put in place to protect your system data should an attacker somehow circumvent these built-in countermeasures.
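The log review and the canonicalization check described in this section, as an added example that is not part of the original article and is not IIS's own routine. The site root `D:\wwwroot`, the function names and the sample log lines are assumptions constructed for illustration.

```python
"""Added example: spot parent-path requests in an IIS W3C log and apply the
kind of canonicalization check that keeps a mapped path inside the site root."""
import ntpath
from urllib.parse import unquote

# Assumption: the site content sits on a non-system drive, as recommended above.
SITE_ROOT = r"D:\wwwroot"

# Constructed sample log (W3C extended format); not taken from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2009-10-12 21:21:03 203.0.113.7 GET /default.htm 200
2009-10-12 21:21:09 203.0.113.7 GET /../../winnt/system32/cmd.exe 404
2009-10-12 21:21:15 198.51.100.4 GET /images/%2e%2e/%2e%2e/winnt/system32/cmd.exe 404
2009-10-12 21:22:40 198.51.100.4 GET /docs/v1..2/readme.txt 200
"""


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in #Fields."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def has_parent_segment(uri_stem):
    """True if any path segment is exactly '..' after one percent-decode."""
    decoded = unquote(uri_stem).replace("\\", "/")
    return ".." in decoded.split("/")


def suspicious_requests(text):
    """Return (client IP, URI stem) for every request with a parent path."""
    return [(r["c-ip"], r["cs-uri-stem"])
            for r in parse_w3c(text)
            if has_parent_segment(r["cs-uri-stem"])]


def map_to_site(uri_stem, root=SITE_ROOT):
    """Map a URL path to a file path; return None if it leaves the root."""
    decoded = unquote(uri_stem).replace("/", "\\")
    # Join against the root, then collapse '.' and '..' before comparing.
    candidate = ntpath.normpath(ntpath.join(root, decoded.lstrip("\\")))
    root_norm = ntpath.normcase(ntpath.normpath(root))
    cand_norm = ntpath.normcase(candidate)
    if cand_norm == root_norm or cand_norm.startswith(root_norm + "\\"):
        return candidate
    return None


if __name__ == "__main__":
    for ip, stem in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} requested {stem} -> mapped to {map_to_site(stem)}")
```

A file name that merely contains two dots (`v1..2`) is not flagged, and a parent path that stays inside the root still maps to a file, so the log check and the root check answer different questions and both are worth keeping.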

 

 

2. Disable Parent Paths

 There’s more than one way to do a directory traversal attack. As a result, it is best to ensure that parent paths are disabled. In IIS 6.0, the ability to use parent paths in files and ASP scripts is disabled by default, and it’s best to keep it that way to prevent attackers from injecting code into your applications that may allow them to browse your directory structure. Be sure to have your developers write code that does not make use of “..” in a URL or script when at all possible.

  

3. Check and Double-check Your NTFS Permissions

 

Proper access control lists (ACLs) on your files are the bedrock of your Web server security. You can harden all you want but if you mess up here, the game is over. So here’s how you should set permissions. Execute permission is needed for binary executables such as DLLs and EXEs. You should set Read permission for static content and scripts. You may have thought scripts required the Execute permission, but they don’t so you should not allow it. Only grant Write permission to security principals and resources that require it. Anywhere you permit Write and Execute, monitor for appropriate content. Create a group for users who need to publish to a Web site and assign Write permissions to the group. This makes administration easier.

 

Sysinternals provides a great tool called AccessEnum for helping you inspect your permissions. For more information, see sysinternals.com/Utilities/AccessEnum.html.

 

 

4. Know the Group Membership of the Anonymous User and Enforce Restrictive Permissions

 

The IUSR account (named IUSR_servername) is the account used to provide anonymous access to Web content. Created during the installation of IIS, IUSR is unique to each server. When anonymous access is enabled and NTFS permissions allow the kind of access requested (for example, Read permission for the IUSR account), IIS will access the content as if the request were made by someone who logged on as the IUSR user. This involves some sleight of hand behind the scenes that can get a bit involved. In a nutshell, though, IIS knows the password of the IUSR account and uses that password to automatically log the user onto the server.

 

Just like any user, the IUSR account has some group memberships. Giving permissions to any of these groups gives the IUSR account access to the content. The default memberships are: Everyone, Users, Guests, Authenticated Users, Network, Domain Users (if IIS is on a domain controller), and Web Anonymous Users (if the IIS portion of the Security Configuration Wizard has been run).

 

You can verify membership by using the W3Who.dll program from the IIS 5.0 Resource Kit. This ISAPI executable will report on the group memberships and rights of whoever invokes it. Put this file in a folder that has NTFS execute permissions for the IUSR account and allow anonymous access. Also configure the folder to allow Execute in the IIS manager and permit the executable to run in the Web Service Extensions configuration. Then invoke the DLL directly by typing http://servername/folder/w3who.dll to get the report.

 

If you don’t have a Web Anonymous Users group on your Web server, you should create one and add the IUSR account to this group. You can then take the extra measure of denying Write and or Execute permissions to this group in strategic locations. One of the key benefits of this approach is that you can add more users to the Web Anonymous Users group thereby enforcing more restrictive permissions on those special users who may try to poke around where they don’t belong.

 

 

5. Limit Ports Exposed to an Untrusted Network

 

Each open port on a Web server has a specific service listening for incoming requests. Typically, IIS listens on port 80 for HTTP and 443 for HTTPS connections. IIS has no requirement for any ports to be open other than those you want to use to communicate with the client. An attacker will find all the ports your server has open and attempt to exploit the listening service. As a result, it is very important to reduce the number of ports and services you expose to an untrusted network to the bare minimum.

 

The IIS server will typically communicate with a firewall which is designed to filter out all traffic that does not conform to a specific set of rules. Firewalls are highly reliable devices in general, but can be compromised due to misconfiguration or exploitation just like any other device. To practice defense-in-depth, design your site as if the firewall were local on the IIS server.

 

There are three techniques available aside from using commercial software. You can disable unnecessary services, use Windows® Firewall for port filtering, or use IPSec for port filtering, encryption, and authentication. Here’s what you need to do.

 

You can disable unnecessary services in the Service console. There you will notice that Windows Server™ 2003 has fewer services enabled by default than Windows 2000 did, but you should verify the services that are running to ensure they are all necessary in your environment and disable any that are not.

 

There is some risk involved as you may disable a service that is required by your server for purposes other than delivering Web content. The Security Configuration Wizard that is installed with Service Pack 1 (SP1) will help you safely reduce the number of services used by your server. You can do even more fine tuning if you take some time to study what these services do.

 

The most complete documentation I’ve found on disabling services is “The Threats and Countermeasures Guide”. You’ll find a complete list of the services installed, what they do, and what ports they use in the Services section. This is a must-have reference.

 

You can also disable File and Print Sharing and in some cases the Client for Microsoft Networks (as shown in Figure 1). This works well when you have a network card dedicated to communicating to the untrusted network that is restricted to Internet protocols.

Figure 1  Disable Services

 

 

 

 

  


 

Typically you will want your IIS server to communicate with other devices on the network to provide additional services for administration, authentication, database access, and monitoring. These services require additional ports and services to be available over the network. In this situation, you will want two networks available to IIS. One network connects to the firewall that receives requests from an untrusted network and has a minimum number of ports and services exposed. The other is the network that has been designed for secure internal communication, and can allow more services to be enabled. In this situation, it is very important to monitor IIS carefully so that if the server were to be compromised, the attack would quickly be identified to prevent the attacker from gaining access to the back-end network.

 

If you use Windows Firewall (see Figure 2), included with SP1, for port filtering you’ll find that it’s easy to restrict the ports exposed by the server. You can also specify which IP addresses the server will accept connections from. This allows you to create a rule that says “only communicate with the firewall’s IP address on ports 80 and 443.” When you implement port filtering in this way, you further reduce the exposure of ports to the untrusted network. In addition, by requiring IIS to communicate only with a specific IP address, such as a firewall, you help to prevent attacks that would redirect the IIS traffic to another device that may have been compromised by an attacker. You access the Windows Firewall settings by clicking the Advanced tab in the network interface properties. You can also use the Netsh command-line tool to configure the Windows Firewall from a command prompt or a script. You can find more information on Netsh by taking a look at “Help: Administering Windows Firewall with Netsh”.

Figure 2  Windows Firewall

 


Your third choice, as I mentioned, is to use IPSec for port filtering, encryption, and authentication between servers. IPSec is great for securing connections to back-end network devices and has more capabilities than Windows Firewall. For details see “How To: Use IPSec to Provide Secure Communication Between Two Servers”.

September 25, 2009

Programming with libraries in Windows 7, VS2010??

Windows 7 has its share of highly visible user interface tweaks. After getting past the oohs and aahs of the spiffed-up taskbar, you’ll likely find the new look of good old Explorer the most dramatic difference. Click the Windows Explorer icon on the taskbar, or open Computer from the Start menu, and you’ll get a window that displays not only the standard expandable hard drive labels but also a new feature called Libraries. Before Windows 7 can be useful, you need to understand how it organizes your data with Libraries, a new feature in Windows 7.

So, how do we perform most of the management operations on a library?

As developers and programmers, how do we explore libraries in Windows 7?

In Windows 7, we can manually create and manage libraries, and add and delete folders. However, what concerns developers most is how to perform management operations on libraries and use libraries in applications. To that end, Windows 7 provides the new IShellLibrary API to empower your applications to manipulate libraries.

This can help ensure that applications remain in sync with user files and Windows, since any change made to a library structure will be reflected in the application that is monitoring that library, giving us developers great power and great responsibility.


In the image above, the top layer is the User Interface APIs, which contain the CFD (common file dialog), navigation bar, tree controls, and so on. With the User Interface APIs, we can call the new version of the CFD that supports libraries, so that our applications support this new library feature when they open or save files.

Here is a look at this feature in an application.

private void button1_Click(object sender, EventArgs e)
{
    string strPath;

    // Create the new version of the common file dialog
    System.Windows.Forms.SaveFileDialog _fd = new System.Windows.Forms.SaveFileDialog();

    // Set the properties of the dialog
    _fd.Title = " Please select the location to save the file ";
    _fd.FileName = "[ Select the folder -]";
    _fd.Filter = "Library|no.files"; // Set the filter so that only a library can be chosen

    // Display the dialog
    if (_fd.ShowDialog() == System.Windows.Forms.DialogResult.OK)
    {
        // Get the location the user chose.
        string dir_path = System.IO.Path.GetDirectoryName(_fd.FileName);
        if (dir_path != null && dir_path.Length > 0)
        {
            strPath = dir_path;
        }
    }

    // Use the path the user chose for subsequent processing
}

 

In addition to the User Interface APIs, we’ll pay more attention to the Shell API. With the Shell API, we can manage libraries. In fact, what gets modified is the .library-ms file, and the system reads the information from this file to reorganize the data in the library after the file is modified. This group of Shell APIs wraps a number of COM objects. We can manipulate libraries with these objects; several commonly used ones are listed below:

IShellLink: this object could be a file, a folder or a link to the executable file.

IShellFolder: this object represents a folder.

IShellLibrary:

Besides, the Shell APIs also provide multiple auxiliary functions for manipulating libraries. For example:

1. Create a library or open a library that already exists.

2. Add a folder to a library or delete a folder from a library.

3. Get the folder list of a library.

4. Get or set the options of a library.

5. Get or set the icon of a library.

Through these Shell APIs, we can completely manipulate libraries in the operating system.

 

 

 

September 16, 2009

How to perform operations on libraries in Windows 7?

After creating the library, we’ll use the Shell API to perform operations on it, such as setting the icon of the library and its default save path, enumerating all of the folders in the library, and so on.

 

#include "stdafx.h"
#include <shobjidl.h>
#include <objbase.h>      // IID_PPV_ARGS macro
#include <Knownfolders.h>
#include <Shlguid.h>
#include <wchar.h>        // wcscmp

int _tmain(int argc, _TCHAR* argv[])
{
    CoInitialize(NULL);

    // Load the library that already exists so that we can manage it.
    IShellLibrary *pslLibrary = NULL;
    HRESULT hr = SHLoadLibraryFromParsingName(
        L"C:\\Users\\Win7\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\MyDownload.library-ms",
        STGM_READWRITE, IID_PPV_ARGS(&pslLibrary));
    if (SUCCEEDED(hr))
    {
        // Set the icon of the library
        hr = pslLibrary->SetIcon(L"C:\\Windows\\System32\\SHELL32.dll,-14");

        // Set the type of the library
        hr = pslLibrary->SetFolderType(FOLDERTYPEID_GenericLibrary);

        // Get the folders that the library manages.
        IShellItemArray *psiaFolders = NULL;
        hr = pslLibrary->GetFolders(LFF_STORAGEITEMS, IID_PPV_ARGS(&psiaFolders));
        if (SUCCEEDED(hr))
        {
            DWORD dwCount = 0;
            psiaFolders->GetCount(&dwCount);

            // Traverse all folders the library manages in a loop.
            for (DWORD dwIndex = 0; dwIndex < dwCount; ++dwIndex)
            {
                // Obtain the folder
                IShellItem *psiFolder = NULL;
                if (FAILED(psiaFolders->GetItemAt(dwIndex, &psiFolder)))
                    continue;

                // Obtain the name of the folder. The shell allocates the
                // string, so it must be freed with CoTaskMemFree.
                LPWSTR pszName = NULL;
                hr = psiFolder->GetDisplayName(SIGDN_NORMALDISPLAY, &pszName);
                if (SUCCEEDED(hr))
                {
                    // Compare the name of the folder with "Tools",
                    // that is, find the folder named "Tools".
                    if (wcscmp(pszName, L"Tools") == 0)
                    {
                        // If the "Tools" folder is found, set it as the
                        // default folder in which the library saves files.
                        hr = pslLibrary->SetDefaultSaveFolder(DSFT_PRIVATE, psiFolder);
                    }
                    CoTaskMemFree(pszName);
                }
                psiFolder->Release();
            }
            psiaFolders->Release();
        }

        // Commit the changes to the library.
        pslLibrary->Commit();
        pslLibrary->Release();
    }
    ::CoUninitialize();
    return 0;
}

In this code, we first use the SHLoadLibraryFromParsingName function to load the library from its definition file and create an IShellLibrary object.

Then we can operate on the library with the functions that the IShellLibrary object provides. In the code, we modified the icon of the library by using the SetIcon function, which accepts a string parameter that specifies the name of the DLL and the icon index.

Afterwards we modified the type of the library by using the SetFolderType function, which accepts a GUID parameter that defines the type of the library; it can be one of the following types: generic, pictures, music, videos, documents and so on. Setting the type of the library changes the Windows Explorer view of the library and enables the search and view options designated for that library type. The next step is to loop over all folders in the library, find the folder named “Tools”, and set it as the default folder in which the library saves files. By default, when we choose a library to save files in the CFD, the system uses the first folder to save the files. However, we can re-specify the default save location of the library by changing the default folder. Finally, we call the Commit function to submit the changes to the library, that is, to write these changes to the library definition file, which completes the operation on the library.

 

 

 

 

 

September 15, 2009

How to manage UAC through Domain security policy?

Filed under: Security, Windows — Jackson @ 11:32 pm

Unify the management of the UAC control level through domain security policy.

In an enterprise, there are a lot of clients.

Generally speaking, a system administrator has to manage at least tens of clients, and even up to hundreds. Obviously, it would be a real chore, and no challenge at all, if the UAC setting of each client had to be adjusted one by one. According to my test, UAC can be used in conjunction with a GPO (Group Policy object) or domain security policy; that is to say, the control level can be set at the domain controller or group level. When clients join the domain or the group, they inherit this level, so there is no need to set the UAC control level on each client. To be honest, Microsoft does pretty well in this respect. Although the structure and management of a Microsoft domain are complex, its functionality is comparatively strong. A domain environment is always necessary to make some advanced features more flexible to use. At least, the domain environment provides a platform for managing clients centrally.

 
