Archive for the 'Security' Category

The Remote Desktop connection settings for Windows Server 2008, and I believe Windows Vista, include 3 levels of service:

  • Don’t allow connections to this computer
  • Allow connections from computers running any version of Remote Desktop (less secure)
  • Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)

At first blush, you would probably choose the “more secure” option. Practically, this mainly means that it only allows connections from the latest Remote Desktop software in Windows Vista. It is probably another attempt by Microsoft to force consumers and businesses into upgrading to Windows Vista. But… I digress.

When connecting with an older Terminal Services (TS) client in XP or even Vista, you will get this message:

“Remote computer requires Network Level Authentication, which your computer doesn’t support”

Not all is lost. There are two ways around this. The first and most obvious solution is to select the less secure option and disable Network Level Authentication (NLA). If you are in an environment that does not allow this change, or there are other circumstances where you need to keep Network Level Authentication enabled, you can still get a Remote Desktop connection from Windows XP.

The first step is to download the latest Remote Desktop Client for Windows XP. As of the writing of this article, the latest version is 6.1.

For XP SP3: here

For XP SP2: here

That is not it. For XP, you need to enable CredSSP – Credential Security Service Provider.

CredSSP is a new Security Service Provider (SSP) that is available in Windows XP SP3 by using the Security Service Provider Interface (SSPI). CredSSP enables a program to use client-side SSP to delegate user credentials from the client computer to the target server.

Directions on how to do this are available from Microsoft here:

http://support.microsoft.com/kb/951608/

The quick and dirty summary:

  1. Click Start, click Run, type regedit, and then press ENTER.
  2. In the navigation pane, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. In the details pane, right-click Security Packages, and then click Modify.
  4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
  5. In the navigation pane, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
  6. In the details pane, right-click SecurityProviders, and then click Modify.
  7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
  8. Exit Registry Editor.
  9. Restart the computer.
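
The two edits in steps 2 to 7 must append to the existing data rather than replace it, since overwriting either value removes the SSPs already registered. The sketch below is an added example, not code from this post or from Microsoft: the function names are hypothetical and the sample values at the bottom are constructed.

```python
LSA_KEY = r"SYSTEM\CurrentControlSet\Control\Lsa"
PROVIDERS_KEY = r"SYSTEM\CurrentControlSet\Control\SecurityProviders"


def add_security_package(packages, name="tspkg"):
    """'Security Packages' is REG_MULTI_SZ: a list with one SSP name per entry."""
    if name.lower() in [p.strip().lower() for p in packages]:
        return list(packages)          # already enabled, change nothing
    return list(packages) + [name]     # keep every existing SSP, append ours


def add_security_provider(providers, dll="credssp.dll"):
    """'SecurityProviders' is REG_SZ: one comma-separated string of DLL names."""
    if dll.lower() in [p.strip().lower() for p in providers.split(",")]:
        return providers
    existing = providers.rstrip(" ,")
    return existing + ", " + dll if existing else dll


def enable_credssp():
    """Apply steps 2-7 on the local machine (Windows only, run as administrator).

    Returns True if a value was changed; the restart in step 9 is still needed.
    """
    import winreg  # imported here so the pure functions above load on any OS
    edits = [(LSA_KEY, "Security Packages", add_security_package),
             (PROVIDERS_KEY, "SecurityProviders", add_security_provider)]
    access = winreg.KEY_READ | winreg.KEY_SET_VALUE
    changed = False
    for path, value_name, merge in edits:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path, 0, access) as key:
            current, kind = winreg.QueryValueEx(key, value_name)
            updated = merge(current)
            if updated != current:
                winreg.SetValueEx(key, value_name, 0, kind, updated)
                changed = True
    return changed


if __name__ == "__main__":
    # Constructed sample values, not read from a real machine.
    print(add_security_package(["kerberos", "msv1_0", "schannel", "wdigest"]))
    print(add_security_provider("msapsspc.dll, schannel.dll, digest.dll"))
```

Running `enable_credssp()` a second time changes nothing, so it is safe to include in a repeatable setup script.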

For more information on CredSSP including how to deploy this setting using Group Policy, see the CredSSP page here.

Let me know if you have any other tips or a simpler way to connect to the more secure version of Remote Desktop.

It is possible to install Active Directory authentication in Ubuntu 8.04 and later. The Likewise Open packages accomplish this task, and it is actually pretty easy.

Just a note – when installing Ubuntu, do not add a user named “administrator” as I did. This makes it impossible to join the Ubuntu workstation to the domain using the “administrator” Active Directory user – but you can use a different Domain Administrator username and password.

The steps to follow:

  1. sudo apt-get install likewise-open
  2. sudo domainjoin-cli join fqdn.yourdomainserver Administrator
  3. sudo update-rc.d likewise-open defaults
  4. sudo /etc/init.d/likewise-open start

As a side note – you should also consider adding the following setting so that users do not have to log in with DOMAIN\username on the Ubuntu login screen. You can do this by editing /etc/samba/lwiauthd.conf and adding this line:

winbind use default domain = yes

Another helpful tidbit is getting your Ubuntu machine to resolve NetBIOS domain names. You can do this by adding the missing entries to the following lines in /etc/nsswitch.conf:

passwd: compat winbind lwidentity
group: compat winbind lwidentity
shadow: compat winbind
hosts: files dns winbind
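
One way to add only the missing entries without disturbing what is already in the file, as an added example that is not part of the original post: the function name and the sample file are constructed for illustration, and the required sources are the ones listed above.

```python
import re

# Sources the post lists for each database in /etc/nsswitch.conf.
REQUIRED = {
    "passwd": ["compat", "winbind", "lwidentity"],
    "group": ["compat", "winbind", "lwidentity"],
    "shadow": ["compat", "winbind"],
    "hosts": ["files", "dns", "winbind"],
}

# Constructed sample resembling a stock file; not copied from a real host.
SAMPLE = """\
# /etc/nsswitch.conf (constructed sample)
passwd:         compat
group:          compat
shadow:         compat
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files
"""


def add_missing_sources(text, required=REQUIRED):
    """Return (new_text, added); added maps database -> sources appended.

    Existing sources, their order, comments and unrelated lines are kept.
    Databases that have no line in the file at all are not created.
    """
    out, added = [], {}
    for line in text.splitlines():
        # indent, database name, source list, optional trailing comment
        m = re.match(r"^(\s*)(\w+):(.*?)(\s*#.*)?$", line)
        if m and m.group(2) in required:
            db, sources = m.group(2), m.group(3).split()
            missing = [s for s in required[db] if s not in sources]
            if missing:
                added[db] = missing
                line = "{}{}: {}{}".format(
                    m.group(1), db, " ".join(sources + missing), m.group(4) or "")
        out.append(line)
    return "\n".join(out) + "\n", added


if __name__ == "__main__":
    new_text, added = add_missing_sources(SAMPLE)
    print(new_text)
    print("appended:", added)
```

The returned `added` mapping is empty when the file already contains every entry, which makes the function usable as a check as well as an edit.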

If you receive an “ERROR” message when you try to log in to Ubuntu, it could be because the likewise-open service isn’t running. Running “update-rc.d likewise-open defaults” should start it, but troubleshoot this script to make sure it is indeed running on boot.

For More Information:
Official Likewise-open page on Ubuntu

Drupal’s administration login area is not secure by default. Usually there is an option in the configuration area of content management systems to set a secure area for logins; otherwise your username and password are sent in plain text over the internet.

Luckily, there is a module which enforces secure login on a Drupal install.

Drupal Module: Securepages

Although it is still in development, the 6.x-1.x-dev version worked great with my Drupal 6.4 installation.

We received this Blu-ray player along with a few Blu-Ray DVDs for an anniversary present. The BDP-S301 is the same as the BDP-S300 except it is only sold at wholesale outlets like Costco and Sam’s Club. The S301 also includes an HDMI cable.

The Pros: The image looks great. Hands down it is a clean, crisp image, and with the latest firmware updates (click here) supports most audio configurations.

The Cons: This thing is the slowest media player I have ever laid my hands on.

The instructions warn that the initial setup could take 90 seconds to start and after that, start up would be quicker. I suppose they didn’t lie – start up on an everyday basis takes around 40 seconds or more! After that, you can finally eject the tray to insert your movie, or make your way to the menu.

Forty seconds, when you have an impatient toddler wanting to watch Finding Nemo for the 50th time, is similar to taking a short detour through Dante’s 3rd circle of hell.

In addition to that, woe to the consumer who might get a relatively new, $30 Blu-ray movie to play in it. We put in Dan In Real Life (Ok movie, but slow paced) – it proceeds to play the previews, fine. Then it seemingly locks up for a few minutes on a screen with a progress bar that says “loading”. We power down, start the process again. Briefly before the “loading” screen pops up again, it mentions that on older players it could take several minutes to load the menu. Seriously, 3 to 4 minutes later, the menu loads up.

Again, we received 10,000BC (don’t waste your time) in the mail from Blockbuster. Started to play it and we wanted to stop and start it over. I pressed the stop button, and I guess I overloaded the system as it was totally frozen. I had to press the power button for 10 seconds and start the whole process over.

Are you kidding me? This is the worst consumer experience I’ve had in a long time. Maybe I am just an impatient American, but spending 5 minutes waiting for a movie to load up, after having spent that much money on top of the line technology, is a disgrace. Sony should be ashamed that they let this product go to market.

What is it doing during this loading time? Is the Java OS loading all of its unnecessary libraries? Who allowed this to pass by QA?

So my recommendation to anyone looking to buy one of these systems is keep looking! There are more and more choices out there. The PS3 is only $50-$100 more and it loads movies much faster and has many more advanced media features (like streaming audio and video right to the PS3 from other media servers), not to mention all the games you can play on it.

Sony used to be top notch in my opinion when it came to hardware of any kind. However after this incident, I will really have to think twice before getting another Sony product!

I have a new post up on Makeuseof, regarding Firefox Addons for Privacy and Security. Maybe you won’t use all of them, but even installing some of them (NoScript in particular) can really lower your chances of getting hit with a JavaScript exploit.

  • Welcome to systemBash, a technology and system administration blog by David Drager. If you enjoy this sort of content, you can subscribe to the RSS feed by clicking on that big icon to the right.