December 16, 2014

PepperFlash in Firefox (Debian)


UPDATE MAY 2017 : Apparently Adobe is updating NPAPI flash player for firefox again.  Erase all this specialized stuff and sudo aptitude install flashplayer-mozilla instead.

https://steronius.blogspot.com/2017/05/latest-adobe-flash-player-in-firefox.html

~~~~~~~~~~~

Linux aficionados know that Adobe suspended further development of Flash for Linux. Only updates to version 11 will be provided through 2017.

Google Chrome does however continue to update and support a special embedded version of Flash called PepperFlash which is currently at version 16.

I just discovered that PepperFlash can be used with FireFox, albeit in a circumventual way.

"Fresh Player Plugin" is the PepperFlash wrapper for Firefox by i-rinat on github. I originally found this information on Web Upd8.

It was easy to install without issue. I found that my Debian distro had a pepperflash installer in it's repo; however, installing Google Chrome will work just as well.
sudo aptitude install pepperflashplugin-nonfree
sudo update-pepperflashplugin-nonfree --install

Then I was able to install Fresh Player Plugin as per documentation:
sudo apt-get install cmake gcc g++ pkg-config ragel libasound2-dev libssl-dev libglib2.0-dev libpango1.0-dev libgl1-mesa-dev libevent-dev libgtk2.0-dev libxrandr-dev libxrender-dev libxcursor-dev libv4l-dev libgles2-mesa-dev libavcodec-dev libva-dev libvdpau-dev libdrm-dev libicu-dev

#optional:
sudo apt-get install libpulse-dev libjack-jackd2-dev libsoxr-dev

cd ~/Downloads #(or your preferred folder)
git clone https://github.com/i-rinat/freshplayerplugin.git
cd freshplayerplugin
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
make

cp libfreshwrapper-flashplayer.so ~/.mozilla/plugins/

Restart your firefox and take it for a test-run.

My FireFox reported the following using the Adobe About version check.  


To make it easier to update, I've scripted the make/install process which can be run manually on occasion, or as cronjob. If the build ever fails, i've found it best to delete the folder freshplayerplugin and re-clone it.
#!/bin/bash
cd ~/Downloads/freshplayerplugin/
git pull
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo ..

make && cp libfreshwrapper-flashplayer.so ~/.mozilla/plugins/ && firefox "https://www.adobe.com/software/flash/about/"&


As always, Good luck!
---



Please consider crypto tipping:
  

November 14, 2014

Fusion 7 upgrade and Ubuntu 14.04 LTS startup shutdown scripts fail.

 

Upon upgrading VMWare Fusion 6 to version 7, I had an issue with my Xubuntu 14.04 vmware-tools.

Upon Startup I would receive the warning:

The VMware Tools power-on script did not run successfully in this virtual machine. If you have configured a custom power-on script in this virtual machine, make sure that it contains no errors. You can also submit a support request to report this issue.


And upon shutdown, I would receive the warning:

The request to halt this virtual machine failed because the corresponding VMware Tools script did not run successfully. If you have configured a custom halt script in this virtual machine, please inspect it for errors; otherwise, please submit a support request.

Typically I use the repository's open-vm-tools, so i tried to reinstall them, but this did not resolve the issue.  I uninstalled open-vm-tools and installed the vmware-tools from Fusion, but this did not resolve the issue either.

When i searched the repository, I noticed a new group of tools containing the keywords open-vm-tools-lts-trusty*, so I i uninstalled vmware-tools with the command:

sudo vmware-uninstall-tools.pl

I purged any instances of open-vm-tools like so:

sudo apt-get purge open-vm-tools*

I then installed the LTS version of the open-vm-tools:

sudo aptitude install open-vm-tools-lts-dkms open-vm-tools-lts-desktop open-vm-toolbox-lts-trusty

Upon reboot, I had no more warning and things worked as expected.
---
Please consider crypto tipping:
  

November 11, 2014

DuckDuckGo search preferred ; recommended

I'm not one to promote products and services, but this is almost essential.

As a longtime proponent of Google search, about 3 years ago I first heard of duckduckgo and was immediately enchanted.

Within the first weeks, I decided to make DuckDuckGo.com my home-page and default search on all my browsers on all my computers and never looked back.

Unlike most other search engines, "DuckDuckGo does not collect or share personal information. That is [their] privacy policy in a nutshell."

DuckDuckGo's true power comes to play with a "!BANG"

DuckDuckGo has the unique ability to provide search engine specific results.  In other words, if you want google-only results, fine, just add "!g" in your search:
Want google-images? Fine, add "!gi" in your search:
Want yahoo-only results? Fine, add "!y":
Want to find alternate software for some application, say Adobe reader? Fine try "!altto":
Want to see what info TVGuide has about The Walking Dead? Fine try "!tvguide":
Want to find IMDB info for a favorite movie like The Midnight Meat Train? Fine try "!imdb":

Here is the complete list of magic "!bangs" including some very technical ones: https://duckduckgo.com/bang.html

Are you an expert in your field and want to create your own instant answer or !bang for the world to use?  Go to http://duckduckhack.com

I truly recommend DuckDuckGo.com to be your all-inclusive search engine!





TechGlipse.com offers a "cheat sheet" for duckduckgo instant answers:



Please consider crypto tipping:
  

November 06, 2014

Compile Remmina 1.1.x in Debian Jessie

Update: Okay this sucks; i'm still having copy/paste issues. But here's the post anyway:

UPDATE 2015 March: Okay this sucks even more, seems i had compilation issues and had to add more cmake flags; HOWEVER, upon install i had segmentation faults when running remmina.

SO, i've found an alternate and preferred method of installing: Add the unstable branch (debian experimental "sid") to your /etc/apt/sources.list and use sudo apt-get -t experimental install remmina freerdp to install the latest available.

i.e. I DO NOT RECOMMEND THE FOLLOWING
--

Remmina 1.0.0 is still the latest version in Debian Jessie (Testing) as of Nov 2014. However Remmina itself is up to version 1.1.x now.

Recently I have had issues with copy/paste (clipboard redirection) not working, so I decided to try to update it. Although not difficult, it was not exactly super quick to find the dependencies either.

note: I always use aptitude but you could just as easily use apt-get.

We will use the github version of Remmina:
sudo aptitude install git
cd ~/Downloads
git clone https://github.com/FreeRDP/Remmina.git

Of course, you probably already have the build tools; otherwise, install them:
sudo aptitude install build-essential

You may have issues with installing the following dependency due to a recent change in debian itself, but you should be able to work it out:
sudo aptitude install libgnutls28-dev

Now, we will install the rest of the dependencies:
sudo aptitude install libavahi-common-dev libavahi-client-dev libavahi-ui-gtk3-dev libvte-2.90-dev libappindicator3-dev libvncserver-dev libxkbfile-dev libfreerdp-dev libtelepathy-glib-dev

Now we can compile and install Remmina:
cd Remmina
cmake -DWITH_LIBSSH=OFF -DWITH_GNOMEKEYRING=OFF
make clean 
make
sudo make install

You need to make install otherwise it will not find the plugins.

I chose "keyring off" because I run XFCE and also when I compiled with it on, I still had copy/paste issues. However, that needs to be thoroughly tested and I was not interested in it.

Now you can run the new Remmina 1.1.x
killall remmina
remmina

good luck!
--

Please consider crypto tipping:
  

October 30, 2014

SSH - no matching cipher found

Edit: Please do your research, this may re-introduce vulnerable ciphers -- i don't have time to be safe. lmao.  
Please reference https://stribika.github.io/2015/01/04/secure-secure-shell.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After a recent update of either Debian testing (Jessie) or OSX (Mavericks), I could no longer SSH from OSX into my Debian testing boxes.
I really don't know which OS update was at fault, but when I tried to SSH into my Debian testing boxes, i received the following message:
no matching cipher found: client blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
I can't have that -- my daughter needed to play on the minecraft server and she NEEDED TO PLAY NOW!
What this told me is that that my client (OSX) expected blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc but my server (Debian) supported aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
That sucks; stupid computer! (Wow, had not said that once since leaving Windows®)
Via web searches, I found that I could force a cipher like so: ssh -c aes128-ctr username@hostname so i did successfully. (I could just as well used ssh -c none username@hostname, but that's risky)
Once logged into my Debian box(es), I edited the ssh daemon config:
sudo nano /etc/ssh/sshd_config
and added the following to the bottom:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
As you can see, since I didn't know if there is an order of preference or not, I erred on the safe side and added the previously supported server ciphers before the client's expected ciphers.
Afterward I had to restart and verify the SSH Daemon:
sudo service sshd restart ; sudo service sshd status
On my OSX client, I tried to SSH and it complained WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! .. Oh my lord the world will end.
An easy fix was ssh-keygen -R hostname, where hostname was my Debian's hostname or IP obviosuly.
Now it worked as expected (and should have never failed in the first place).
-end-
But Daddy, you forgot the minecraft server... START THE MINECRAFT SERVER NOW!
~~~
As always, good luck!

Please consider crypto tipping:
  

October 02, 2014

git pull all your .gits

I'll provide this commandline with the terms that I am not responsible for any screw-ups due to it. (caveat: if your local repo specifies to merge, it will attempt merge or maybe warn.)


Find all your .gits and git pull each project:
find ~/ -type d -name ".git" -exec git -C '{}/..' pull \;

If you prefer to actually see which are updating, try:
find ~/ -type d -name ".git" -exec echo "{}" \; -exec git -C '{}/..' pull \; -exec echo "" \;

good luck!
---
Please consider crypto tipping:
  

September 03, 2014

Reindex and Shrink a WSUS Database on 2008R2


UPDATE Feb 2022: This is obsolete. Time to upgrade to Win 2019 or newer and use these resources:
- https://github.com/samersultan/wsus-cleanup
   Which needs https://docs.microsoft.com/en-us/sql/connect/odbc/windows/release-notes-odbc-sql-server-windows?view=sql-server-ver15#178
   and https://docs.microsoft.com/en-us/sql/tools/sqlcmd-utility?view=sql-server-2017
   When scheduling it, be sure to "start in" the folder of the stored the files.
- MS best practices here: https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/windows-server-update-services-best-practices
- Further reading that i did not necessarily apply: https://www.deploymentresearch.com/fixing-wsus-when-the-best-defense-is-a-good-offense/



UPDATE Feb 2018: For Windows 2012 :
- Try this: https://community.spiceworks.com/how_to/103094-automate-wsus-cleanup
- You will need x64\msodbcsql.msi and x64\MsSqlCmdLnUtils.msi

___ Original Post for Windows 2008 R2 WSUS _________________________________________

I have a basic local WSUS install on Windows 2008 R2 Server of which the SUSDB has grown significantly. Below is the requirements and functions I found to re-index and shrink the DB.

You may wish to run the WSUS Server Cleanup Wizard prior to these step.  I often found that running the "Unused updates and update revisions" separately from the others is a good idea. I.E. i often select the 2nd,3rd,4th, and 5th options, run it, then re-run it with only the 1st option selected.
Does "Deleting unused updates" get stuck?  Try http://wininfra.net/2016/05/13/workaround-for-wsus-sql-timeout-errors/ (I had to do this once and it took days, but fixed the issue.)
   Edit: Another copy of this script: https://gist.github.com/Chris-ZA/efe09d076fabb62153ca247d834bb5b2 to be used similarly to below.
   i.e. for 2008R2: sqlcmd -S \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query -i ".\wsusDBmaintenance.sql"
   or for 2012: sqlcmd -S \\.\pipe\MICROSOFT##WID\tsql\query -i ".\wsusDBmaintenance.sql"
Now for the content...

1) How to re-index:

The re-index script was found at http://gallery.technet.microsoft.com/scriptcenter/6f8cde49-5c52-4abd-9820-f1d270ddea61

First download and install sqlncli_x64.msi and SQLServer2005_SQLCMD_x64.msi from http://www.microsoft.com/en-us/download/details.aspx?id=15748

Then copy/paste the script mentioned above into a new file named WsusDBMaintenance.sql .

Open a command prompt and change to the folder where you saved the script and execute the following command:
sqlcmd -I -i"WsusDBMaintenance.sql" -S \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query > reindex.txt

Of course you can create a batch file with the same command in it.

This may take some time, and results will be piped into reindex.txt for your review.


2) How to shrink:

We will use the SQL 2005 Express version of "Microsoft SQL Server Management Studio".  Download and install SQLServer2005_SSMSEE_x64.msi from http://www.microsoft.com/en-us/download/details.aspx?id=8961

Open SSMSE and connect to the local database by server name: \\.\pipe\mssql$microsoft##ssee\sql\query

Locate the database named SUSDB, right click, select Tasks>Shrink>Database>OK.

This may take a significant amount of time.

My database shrunk from 16.1GB to 12.9GB.

For further disk space recovery, try my previous post http://steronius.blogspot.com/2014/05/cleanmgr-on-windows-2008-r2-active.html which reclaimed 6+GB on my WSUS server.

~~~
As always, good luck!


Please consider crypto tipping:
  

August 14, 2014

Install Teamviewer 9 in 64bit Debain Wheezy/Jessie


Updated 2015 Feb 5.

Debian Wheezy and Debian Jessie 64-bit cannot install ia32-libs due to a change in how multi-architecture works.

Teamviewer installation notes state that we cannot install teamviewer_linux_x64.deb, and must use the 32-bit teamviewer_i386.deb.

But, teamviewer_i386.deb depends on 32-bit libraries.  So we must add multi-architecture:

sudo dpkg --add-architecture i386 ; sudo apt-get update ;

Then if we attempt to install teamviewer_i386.deb, it reports we do not have dependencies met.  We can see the full dependency names by trying to install to package by name (since dpkg -i has added the info locally):

sudo apt-get install teamviewer

Using the output, we can install the dependencies manually:

sudo apt-get install libc6:i386 libgcc1:i386 libasound2:i386 libfreetype6:i386 zlib1g:i386 libsm6:i386 libxdamage1:i386 libxext6:i386 libxfixes3:i386 libxrandr2:i386 libxrender1:i386 libxtst6:i386 libjpeg62:i386 libxinerama1:i386

Then we may install teamviewer properly:

sudo dpkg -i ~/Downloads/teamviewer_i386.deb
# I assume sudo apt-get install teamviewer would also work.


Note: Refer to http://steronius.blogspot.com/2014/02/replacing-logmein-with-teamviewer-on.html for killing/restarting teamviewer over ssh.

good luck.
...

Please consider crypto tipping:
  

August 09, 2014

PBISOpen Error: ERROR_FILE_NOT_FOUND (2)

TL;DR :
  • Error: ERROR_FILE_NOT_FOUND (2)
  • $ sudo apt-get install samba-client
  • sudo nano /etc/nsswitch.com #edit to contain "hosts: files dns [...]"
--------------------

PBISOpen (Power Broker Identity Services Opensource edition) is a Active Directory authentication system for *nix.  Read as: "Join Domain" for *nix.

I repeatedly failed to install this on a new Debian Jessie (Testing) machine with the " Error: ERROR_FILE_NOT_FOUND (2)" as the result.

It turned out I had to install "samba-client" and it was important to follow the details in this link especially regarding /etc/nsswitch.conf to contain "hosts: files dns [whatever-else-exists]" where dns is second and before any other entries.

so instead of:
Importing registry...

Error: /opt/pbis/bin/lwsm shutdown returned 1 (aborting this script)
Error: ERROR_FILE_NOT_FOUND (2)

dpkg: error processing package pbis-open (--install):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
pbis-open
Error installing /home/user/Dropbox/NSU/PBISOpen/pbis-open-8.0.1.2029.linux.x86_64.deb/./packages/pbis-open_8.0.1.2029_amd64.deb
user@skynet:~/Dropbox/NSU/PBISOpen/pbis-open-8.0.1.2029.linux.x86_64.deb $ sudo /opt/pbis/bin/lwsm shutdown
Error: ERROR_FILE_NOT_FOUND (2)

i saw:
Importing registry...

Selecting previously unselected package pbis-open-gui.
(Reading database ... 162521 files and directories currently installed.)
Preparing to unpack .../pbis-open-gui_8.0.1.2029_amd64.deb ...
Unpacking pbis-open-gui (8.0.1.2029) ...
Setting up pbis-open-gui (8.0.1.2029) ...
Installing Packages was successful

New libraries and configurations have been installed for PAM and NSS.
Please reboot so that all processes pick up the new versions.

As root, run domainjoin-gui or domainjoin-cli to join a domain so you can log on
with Active Directory credentials. Example:
domainjoin-cli join MYDOMAIN.COM MyJoinAccount

good luck.

Please consider crypto tipping:
  

July 31, 2014

NTFS on OSX for FREE


I've since upgrade to OSX10.11.4 and "NTFS Free" no longer works. if you have a free solution, please post a comment below, TYVM.
----



i.e. You don't need to use the non-free Textera nor Paragon

off subject bonus: SSHFS

Update:
OSX 10.10 Yosemite broke this, but it can still be made to work by executing the following commands.  Special thanks to "braines" on the NTFS-FREE comments.

"braines" quote:
" Installing Yosemite broke my install with their stricter rules on code-signed kernal extensions for security reasons. To fix it, you need to run the following 3 commands in terminal before installing/reinstalling: 1) sudo nvram boot-args="kext-dev-mode=1" 2) sudo kextcache -system-prelinked-kernel 3) sudo kextcache -system-caches after the first command you will need to enter your password because of 'sudo' (super user do) this disables the security check. the other 2 commands just clear your cache of any old versions of this kernel extension to give you a fresh slate. After you install/reinstall you'll restart and things seem to be working. I suspect that this will be broken in the next update because this uses the /System/ folder which apple will be phasing out 3d party use of that folder "

---

Please consider crypto tipping:
  

June 14, 2014

Convert .psp (Paintshop Pro) files to .png with NConvert


In the late 90's and early 2000's my graphic editor of choice was PaintShop Pro v7 on Windoze.  Now in 2014, while running Linux, all those .psp files are practically unusable.

I finally I found a de facto way to convert them.  No searching the GIMP or Corel forums anymore.  Problem solved!

Download/extract XnSoft's NConvert and try something like this in your folder of choice:

find ./ -name "*.psp" -execdir ~/path/to/nconvert -o $%.png -out png {} \;

Pwned.

To break this down, we are "find"ing all .psp files recursively, then "exec"uting (with full path) the nconvert command with output of path+filename+.png and format png. The found files are represented with {}.  The \; is simply to end the exec command.


Good Luck!
--------
Please consider crypto tipping:
  

June 06, 2014

OSX cronjob with GNU screen fails to run reporting "Must be connected to a terminal."


OSX crontab (cronjob) with GNU "screen" fails to run reporting "Must be connected to a terminal."


I had set a cronjob to run using the "screen" command,

0 * * * * /path/to/script.sh


where my script is:

#!/bin/bash
/usr/bin/screen -S taskname /usr/bin/nice mycommand


but it failed to run.  To figure out the problem, i redirected output to a log.

0 * * * * /path/to/script.sh > ~/mylog.log


The log reported "Must be connected to a terminal."

The solution is to add the -d -m options to screen:

#!/bin/bash
/usr/bin/screen -d -m -S taskname /usr/bin/nice mycommand


w00t!

-------

Please consider crypto tipping:
  

May 16, 2014

Disk Cleanup utility (CleanMgr) on Windows 2008 R2 Active Directory

Do you need 4GB+ cleaned from a Windows 2008 R2 Active Directory Domain Controller?

In the past, Windows 2008 servers infamously stored obsolete program/update backups in C:\Windows\winsxs\ and there was no safe/supported way to cleanup.  A May 2014 update now allows cleanup.  Reference: http://blogs.technet.com/b/askpfeplat/archive/2014/05/13/how-to-clean-up-the-winsxs-directory-and-free-up-disk-space-on-windows-server-2008-r2-with-new-update.aspx

To simplify this, here are the commands (specific to Windows 2008 R2 64bit):

copy %systemroot%\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe %systemroot%\System32\

copy %systemroot%\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui %systemroot%\System32\en-US\

cleanmgr.exe

Select your OS Drive, then Check-mark the Service Pack Backup Files, and continue.

You should regain 4+GB on a Domain Controller (at least that is my experience).

When run on non-domain server, the I've found the Service Pack Backup Files was always 0 bytes.  Unsure why, but your mileage may vary.

If you have a non-R2 or non-64bit, follow the 2nd link referenced (Follow option 2).

Good luck.
----------


Please consider crypto tipping:
  

March 27, 2014

Windows Server 2003 Repair Install not available solution

Windows Server 2003 Repair Install not available -- solution:

First it seems that Dell CD's do not contain the "Repair Install" option as per the Internets.

Second, you may find that the "To Repair the selected Windows installation, press "R"" option does not show up no matter what.

A hint was found here: http://www.winvistatips.com/re-windows-2003-repair-option-missing-t770031.html -- which stated :
The option to repair appears only under some conditions.
The version has to be the same build number for example.
The path in the boot.ini has to be correct.
The system hive has to be loaded and checked, [...]
So I booted the CD and chose R - recovery console.

I ran fixmbr, fixboot, and most importantly "bootcfg /rebuild" (or possibly bootcfg /scan).

bootcfg /rebuild will allow you to add the system back into the boot menu, which in turn the CD will find something to be able to "R"epair.

You may wish to see if those 3 commands allows Windows to boot on it's own.  If not, then boot the CD again and choose

Setup Windows now, Press ENTER

Then, after the F8 agreement, and it examines the disks, it should now have the option

To Repair the selected Windows installation, press "R"

If not, so sorry, you're still screwed.

--------------
Please consider crypto tipping:
  

March 24, 2014

Install Java in Debian



Install Java 9 in Debian -- but recommend java 8 still
http://www.webupd8.org/2015/02/install-oracle-java-9-in-ubuntu-linux.html

Install Java 8 in Debian:
http://www.webupd8.org/2014/03/how-to-install-oracle-java-8-in-debian.html

Install Java 7 in Debian:
http://www.webupd8.org/2012/06/how-to-install-oracle-java-7-in-debian.html

Install Java 6 in Debian:
http://www.webupd8.org/2012/11/oracle-sun-java-6-installer-available.html

Thank you to webupd8.org !
Please consider crypto tipping:
  

February 26, 2014

nfsen nfdump all x's and 'File not Found' for recent netflows


On my NFSEN system, I recently had a problem where all the current data flows showed "x" on the channels' traffic speed columns.

Also when I ran reports (filter processing), I'd get an error stating an nfdump data file was not found.

example:
stat() error 'path/nfsen/profiles-data/live/channel/year/month/day/nfcapd.yearmonthdaytime': File not found!

It turned out that at some point I set my TimeZone in the OS, but php/apache did not use the same TimeZone.

In, CentOS, I checked /etc/sysconfig/clock which contained:
ZONE="America/Chicago"

However, my /etc/php.ini had nothing set. So I replaced the timezone line with
date.timezone = America/Chicago

Then I restarted apache with:
service httpd restart

Woot, that fixed it!

Your Linux distribution may have different files/paths, but the concept should work the same.

Good Luck!
-------------
Please consider crypto tipping:
  

February 22, 2014

Password Protect Microsoft Remote Desktop Client for OSX



Microsoft Remote Desktop client version 8.x for OSX was released and I find it particularly nice. (Way better than v. 2.1.1 anyway).

One thing I tend to do is store my passwords, but this can be a bad habit for an enterprise environment.

I've found a way to password protect launching the RDP client, and furthermore, close it when the computer sleeps -- very convenient.

Essentially, what we'll do is create an encrypted storage container, move the app inside, and launch kill/eject scripts when entering sleep-mode.

This write-up assumes OSX 10.5+; I'm on 10.9.1 (Mavericks).

First, I used Disk Utility to create an encrypted .dmg file:

Launch the Disk Utility via Applications>Utility>Disk Utility.

Select File>New>Blank Disk Image.

In the "Save As" field, find your home directory or any other preferred area.  Name it "RDP.dmg".

In then "Name" field, name it "RDP" -- we will reuse this name for the eject-function later.

I found that "Microsoft Remote Desktop.app" was 67.7MB, so I opted to set the "Size" field as 72MB.  You can try 68MB if you like, I assume it would be fine.

For the "Format" field, I chose "Mac OSX Extended" as i do not need it journaled.

In the "Encryption" field, I chose 128-bit AES, but you may choose 256 if you are paranoid.

For "Partitions" and "Image Format", I chose the defaults of Single GUID and read/write respectively.

You will be asked for a password.  This is permanent so choose wisely.  Also, for the "Check-box" elect NOT to "Remember Password in my keychain" so that you are required to enter your password with each launch.

Once the RDP.dmg file is created, open it with Finder if it's not already open.  Again do NOT check to "Remember password".  Using Finder, drag the Microsoft Remote Desktop application into your new RDP.dmg file.  MS-RD should be in your Applications folder if you've installed it, or in the installer .dmg if you have not.

Once you have MS-RD inside the RDP.dmg file, go ahead and launch that copy.  Now to simplify things for future usage, on OSX's Dock, right click "Microsoft Remote Desktop", select Options, and select "Keep in Dock".

Now let's test your new password protected RDP Client.  First, close the MS-RD application.  Then eject "RDP".

Now using the Dock shortcut, click to open "Microsoft Remote Desktop" -- it should again ask for your password.  Voila, you have a password protected RDP client!  The key to this is to never check-on "Remember password in my keychain."

If everything works as expected, you should delete the original MS-RD app from your applications folder if you had previously installed it.  (And remove the original Keep in Dock if you had such.)

Now the interesting part of the project -- the RDP.dmg remains mounted even if you close MS-RD.  This mean the app could be re-lauched without the password. To protect from this, you could manually eject RDP.dmg after each usage (blah), or we can find a way to both close MS-RD and eject RDP.dmg when the machine goes into sleep mode (way more convenient). 

Now there may be ways to execute the process for a screensaver trigger, but I happened across a sleep-mode trigger solution first using SleepWatcher.  In fact, upon reading, SleepWatcher does indeed have an idle-mode trigger too, but this write-up will not utilize such as I have done this on a MacBook-Air and opted for sleep-trigger due to the ability to close the screen-lid to enter sleep-mode.

This configuration process will be mostly command line oriented.

Go ahead and download and extract SleepWatcher to your ~/Desktop.  You can delete the folder/files after the configuration process. Be certain to read the ReadMe.rtf file within.  If you do not already have SleepWatcher, then do not perform the first tasks listed, instead be sure to jump to the "Installation for new SleepWatcher users" section. Go ahead and skim through the readme first; The commands are listed below for convenience.

I elected to use the "user" mode .plist and therefore this resulted in my functions to be created in the ~/.sleep file.

If you elect the same, then as per the ReadMe.rtf file, do the following:

sudo mkdir -p /usr/local/sbin /usr/local/share/man/man8
 

sudo cp ~/Desktop/sleepwatcher_2.2/sleepwatcher /usr/local/sbin/
 

sudo cp ~/Desktop/sleepwatcher_2.2/sleepwatcher.8 /usr/local/share/man/man8/
 

cp ~/Desktop/sleepwatcher_2.2/config/de.bernhard-baehr.sleepwatcher-20compatibility-localuser.plist ~/Library/LaunchAgents/

launchctl load ~/Library/LaunchAgents/
de.bernhard-baehr.sleepwatcher-20compatibility-localuser.plist

Be careful copy-pasting, the five commands above are all ONE LINE each. You may opt to copy-paste into a text editor first to verify ONE-LINERS.

My ~/.sleep file consisted of the following:

#!/bin/sh
killall "Microsoft Remote Desktop"
/usr/sbin/diskutil eject /Volumes/RDP


Be sure to chmod +x ~/.sleep to make it executable.

The above ~/.sleep script will close MS-RD and also eject the RDP.dmg file.

If you've done the above configuration properly, then you can test the scenario by launching MS-RD and then closing your laptop lid or waiting for sleep-mode to trigger.  Your power settings in OSX are in Applications>System Preferences>Energy Saver.

Quite cool, no?

-------------------
Good Luck!
-------------------


Please consider crypto tipping: