The Windows Firewall Service Fails to start – Dependencies

发布者: Ted 分类: 笔记 在 2011/12/19 | 浏览: 93 次

0
Digg me

As discussed in the previous posts in this series, there can be several causes that will prevent the Windows Firewall from starting. In this installment I will cover specifics of checking dependencies.


Checking Dependencies

When checking dependencies you will want to check to ensure that the default dependencies are in place, that there are not additional dependencies, and that the BFE and RPC services are starting.

Checking dependencies in Windows Vista and Windows Server 2008

As seen in the screenshots below, the Base Filtering Engine and the Windows Firewall Authorization Driver are the default dependencies. Use the steps below to view this:

  1. Click Start
  2. Right-click Computer
  3. Click Manage
  4. When Computer Management opens, open Services and Applications
  5. Click Services
  6. Right-click on Windows Firewall in the list of services and click Properties
  7. Click the Dependencies tab

clip_image001

In addition, the Base Filtering Engine also has a dependency on RPC, as seen below.

clip_image002

Therefore, we also need to verify that the Base filtering Engine and the RPC service are started and set to start automatically as seen below.

clip_image004clip_image006

Additional Dependencies

Finally, if there are any dependencies other than the ones mentioned above you will want to remove them.

Checking dependencies in Windows 7 and Windows Server 2008 R2

Windows 7 / Windows 2008 R2 have the same dependencies as Windows Vista but the services that have dependencies on them are different. Fortunately we are not concerned with what has a dependency on these services so we can check the same Base Filtering Engine and RPC services.clip_image007

clip_image008

Conclusion

This is the last post of my series on troubleshooting issues where the Windows Firewall Service fails to start.

I hope you have found this information useful.

暂无评论

The Windows Firewall Service Fails to start – Checking Privilege Access

发布者: Ted 分类: 笔记 在 2011/12/19 | 浏览: 50 次

0
Digg me

The Windows Firewall Service Fails to start – Checking Privilege Access

As discussed in the previous posts in this series, there can be several causes that will prevent Windows Firewall from starting. In this installment, part 4 of 5 in the series, I will cover specifics of checking access privileges for both Windows Vista and Windows 7.

Checking Privilege access

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

You can see the privilege access settings by looking at the RequiredPrivileges registry value.

I have listed the values you will find in a default clean install below but it is possible you will have other values.

HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc\RequiredPrivileges
  1. SeAssignPrimaryTokenPrivilege
  2. SeAuditPrivilege
  3. SeChangeNotifyPrivilege
  4. SeCreateGlobalPrivilege
  5. SeImpersonatePrivilege
  6. SeIncreaseQuotaPrivilege
  7. clip_image001

You can then check the privileges found in the previous step using secpol.msc. Make sure each of the above listed privileges has LOCAL SERVICE listed in them.

You can check this by one of the following methods:

Method 1

Open secpol.msc, right click on root node (Security Settings) and export the data to an .inf file, open the .inf file in notepad.

Note: In the .inf file make sure the above listed privileges contain the SID of the needed object – for LOCAL SERVICE the SID is S-1-5-19

Note: This list below is edited to only contain the values we are looking for. There will be more values in the INF.

[Privilege Rights]
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeAuditPrivilege = *S-1-5-19,*S-1-5-20
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6
SeCreateGlobalPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6

Method 2

Open the Local Security Policy MMC (secpol.msc), then drill down to Local Policies / User Rights Assignment.

Find the Policy for the corresponding privileges (below) and make sure LOCAL SERVICE is listed in them.

Privilege name

Policy name

SeAssignPrimaryTokenPrivilege

Replace a process level token

SeAuditPrivilege

Manage auditing and security log

SeChangeNotifyPrivilege

Bypass traverse checking

SeCreatGlobalPrivilege

Create global objects

SeImpersonatePrivelege

Impersonate a client after authentication

SeUncreaseQuotaPrivilege

Adjust memory quotas for a process

Missing privileges can be added via Registry Editor as follows:

  1. Browse to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\registry key, right click and select Permissions.
  2. In the "Permissions for Creator Owner" window, click the Advanced button, then click Add.
  3. clip_image002
  4. Once the "Select User, Computer, Service Account or Group" box appears, change the "From this location:" to point to the local machine name if it is not already.
  5. After changing the search location, enter "NT Service\BFE" for Windows Vista or "NT Service\MpsSvc" for Windows 7 in the "Enter the object name to select" box and click "Check names" – this will allow you to add the account. Click OK to return to the Advanced Security Settings dialog.
  6. Check the appropriate privileges from above.

What’s next?

In my next installment, I will cover Firewall service dependencies.

暂无评论

The Windows Firewall Service Fails to start – Registry Permissions

发布者: Ted 分类: 笔记 在 2011/12/19 | 浏览: 60 次

0
Digg me

As discussed in my previous posts in this series, there can be several causes that will prevent the Windows Firewall from starting. In this installment, part 3 of 5, I will cover specifics of checking registry permissions.


Checking Registry Permissions

You can verify the permissions in Registry Editor by right-clicking each of the following registry keys and choosing Permissions. Then, highlight the desired account and click Advanced. Then highlight the desired account (again) and click Edit.

Depending on the operating system version, either NT Service\MpsSvc or NT Service\BFE needs permissions for the following keys as described below (note that HKEY_LOCAL_MACHINE has been shortened to HKLM):

HKLM\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy
  • Windows Vista: NT Service\BFE – Query Value, Set Value, Create Subkey, Enumerate Sub Keys, Notify, Read Control
  • Windows 7: NT Service\BFE – Query Value, Set Value, Create Subkey, Enumerate Sub Keys, Notify, Read Control
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy
  • Windows Vista: NT Service\MpsSvc – Full Control
  • Windows 7: NT Service\MpsSvc – Query Value, Set Value, Create SubKey, Enumerate SubKeys, Notify, Delete, Read Control
HKLM\SYSTEM\CurrentControlSet\Services\ShareAccess\Epoch
  • Windows Vista: NT Service\MpsSvc – Query Value, Set Value
  • Windows 7: NT Service\MpsSvc – Query Value, Set Value
HKLM\SYSTEM\CurrentControlSet\Services\ShareAccess\Epoch2
  • Windows 7: NT Service\MpsSvc – Query Value, Set Value
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
  • Windows Vista: NT Service\MpsSvc – Full Control
  • Windows 7: NT Service\MpsSvc – Query Value, Set Value, Create SubKey, Enumerate SubKeys, Notify, Delete, Read Control

Reviewing registry permissions for Windows Vista:

clip_image002

Reviewing registry permissions for Windows 7:

clip_image003

What’s next?

In my next blog post in this series, I will cover access privileges.

暂无评论

The Windows Firewall Service Fails to start – Logon Permissions

发布者: Ted 分类: 笔记 在 2011/12/19 | 浏览: 77 次

0
Digg me

This is part two in my series on Windows Firewall failing to start. In part one, I covered Windows XP and gave an overview of the issues seen in Windows Vista and Windows 7. As discussed, there can be several causes that will prevent the firewall from starting. In this post, I will cover specifics of checking the logon permissions.


Checking Logon Permissions

First you should verify that the "Log on as:" account is set to Local Service. The Base Filtering Engine, Windows Firewall, and NLA services should all be set to Log on as the "Local Service" account. I’m only including one screenshot as an example because it is the same for all of the services that use Local Service. Note that the Password fields are ignored for this account. For more information on the Local Service account, refer to http://msdn.microsoft.com/en-us/library/ms684188(VS.85).aspx.

clip_image001

IPsec Policy agent uses the "Network Service" account.

clip_image002

Next we will want to verify the security descriptor definition language string, or SDDL string. This string defines the string format that the ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor functions use to describe a security descriptor as a text string. Refer to http://msdn.microsoft.com/en-us/library/aa379570(VS.85).aspx for more information.

We can use SC SDSHOW to show the SDDL string for the services of interest.

Syntax: sc sdshow <Service Name>

Note: You will want to run this command against a working machine in your environment for comparison but here are the default settings from a clean install.

Windows 7 default installation

Service Name: NLASVC

D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A

;;CCLCSWRPLORC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPRC;;;S-1-5-80-3141615172-2

057878085-1754447212-2405740020-3916490453)

Service Name: BFE

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWRPWPDTLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Service Name: MPSSVC

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR

RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCRP;;;S-1-5-80-2006800713-1441093265-249754

844-3404434343-1444102779)S:(AU;FA;CCDCKCSWRPWPDTLOCRSDRCWDWO;;;WD)

Service Name: SharedAccess

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWRPWPDTLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Windows Vista default installation

Service Name: NLASVC

D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A

;;CCLCSWRPLORC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPRC;;;S-1-5-80-3141615172-2

057878085-1754447212-2405740020-3916490453)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Service Name: BFE

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWRPWPDTLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Service Name: MPSSVC

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR

RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCRP;;;S-1-5-80-2006800713-1441093265-249754

844-3404434343-1444102779)S:(AU;FA;CCDCKCSWRPWPDTLOCRSDRCWDWO;;;WD)

Service Name: SharedAccess

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWRPWPDTLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Using SC SDSET to set the SDDL string

You can restore the default permissions via the SDDL strings above or get similar data from a working machine in your own environment.

SC sdset <Service Name> <SDDL string>

Example:

SC sdset SharedAccess D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

Notice that the end of each is SY = Local System, BA = Administrator, AU = Authenticated Users, PU = Power Users

What’s next?

In the next installment of this series, I will cover registry permissions as related to Windows Firewall.

暂无评论

The Windows Firewall Service Fails to start – Introduction

发布者: Ted 分类: 笔记 在 2011/12/19 | 浏览: 82 次

0
Digg me

There can be several causes that will prevent the Windows Firewall from starting and I will attempt to cover them in this series of five blog posts. In this first post, I will cover Windows XP and Windows Vista / Windows 7 separately as they are two different services. Last I will cover one issue with OneCare. Note: Specifics on Windows Vista and Windows 7will come in a later blog post.

Windows XP

In Windows XP, the firewall service is named “Windows Firewall/Internet Connection Sharing (ICS)”, or SharedAccess service.

Typical errors seen as either popups or within event logs when the service fails to start are:

  • Cannot start the Windows Firewall/Internet connection sharing (ICS) Service on local computer
  • Error 2: The system cannot find the file specified
  • Error 1705: While starting windows firewall and internet connection sharing services

Problems starting the Firewall Service in Windows XP are most commonly related to an issue with the Shared Access registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess

The quickest resolution is generally to rebuild the key. Instructions for doing this are in the following article, along with a FIXIT link:

You cannot start the Windows Firewall service in Windows XP SP2

Other things you will want to check are:

  • Verify that the “Remote Procedure Call (RPC)” service is started
  • Verify that the service is configured to logon as Local System Account, as shown below:

clip_image001

The above 3 items cover the vast majority of the issues with starting the Firewall in Windows XP.

Windows Vista and later (Windows 7, Windows Server 2008, and Windows Server 2008 R2)

In Windows Vista and later, the firewall service is “Windows Firewall” (MPSSVC); it combines both Firewall and IPsec functionality.

The first thing to check is that the Base Filtering engine (BFE) is running. There are a number of services dependent on the BFE service (including the Windows Firewall) that may also fail to start:

  • IPsec Policy Agent (PolicyAgent)
  • Windows Firewall
  • IKE and AuthIP IPsec Keying Modules
  • Internet Connection Sharing (ICS)
  • Routing and Remote Access

In my experience most of the issues starting these services are related to permissions.

Typical errors seen in relation to starting this service are:

  • Event ID: 7024 – The Windows Firewall service terminated with service-specific error 5 (0×5)
  • Windows could not start the Base Filtering Engine service on Local Computer. Error 5: Access is denied.
  • Windows could not start the IPsec Policy Agent service on Local Computer. Error 1068: The dependency service or group failed to start.
  • Windows could not start the Network Location Awareness on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -1073741288.
  • The Windows Firewall service terminated with service-specific error 87 (0×57)
  • Error 0×80004015: The class is configured to run as a security id different from the caller.
  • The Windows Firewall service terminated with service-specific error 6801 (0x1A91).
  • “net start mpssvc” in cmd.exe returns the system error 1297.

What to look for (specific details will be shared in a future blog post):

  • Verify Log On permissions
  • Verify registry permissions
  • Verify privilege permissions
  • Verify Service Dependencies
  • Reset the default security permissions
  • Verify that the TxR folder exists : %systemroot%\system32\config\TxR
  • Verify the following registry keys by comparing them to a default Windows installation:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShareAccess
Windows OneCare

Lastly, I am including information about one issue that may be seen with the Windows OneCare Firewall Service. The following messages may be seen:

The Windows OneCare Firewall Service Could not Start

Urgent – Turn on Firewall

You will see this error in the Windows OneCare interface, with a red status action item asking you to enable the firewall. The action listed does not enable the firewall, however.

This issue is also very specific because the firewall settings in Windows OneCare are grayed out and cannot be modified.

To resolve this issue:

Use the steps below to ensure that the PATH environment variable contains the following path:

%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM

  1. Click Start / Control Panel and open the System Icon.
  2. In System, click the Advanced tab and then Environment Variables.
  3. Ensure that in the lower box “System variables” that PATH exists. If Path does not exist click NEW and type in PATH as the variable name and enter the above path in the variable value.
  4. If PATH already exists, highlight it and click Edit.
  5. Under variable name, click at the end of the line to append the above mentioned path to the end of the current path. NOTE: BE SURE TO SEPERATE THE OLD PATH AND THE NEW PATH WITH A SEMI-COLON ( ; ).
  6. Click OK to close the windows and restart the computer.

If this does not resolve the issue, try the following step:

  1. Click Start / Run and type Regsvr32 %SystemRoot%\System32\wbem\wmidcprv.dll and click OK.
  2. Restart the computer and test the firewall again.

If this does not resolve the issue, or if the problem does not match the description, please follow the steps in KB article 910659.

Conclusion

This wraps up my overview of how to troubleshoot issues starting the Windows Firewall Service. I will have some future blog posts with more specific details on the Windows Vista/Windows 7 steps.

暂无评论

建筑智能化工程设计与施工资质标准

发布者: Ted 分类: 笔记 在 2011/11/21 | 浏览: 74 次

0
Digg me

一、总则
 
   (一)为了加强对从事建筑智能化工程设计与施工企业的管理,维护建筑市场秩序,保证工程质量和安全,促进行业健康发展,结合建筑智能化工程的特点,制定本标准;
 
   (二)本标准工程范围系指各类建设工程中的建筑智能化工程;

   (三)本标准是核定从事建筑智能化工程设计与施工活动的企业资质等级的依据;
 
   (四)本标准设一级、二级两个级别;
 
   (五)本标准中工程业绩和专业技术人员业绩指标是指已竣工并验收质量合格的建筑智能化工程。
 
二、标准
 
   (一)一级
 
    1、企业资信

   (1)具有独立企业法人资格;

   (2)具有良好的社会信誉并有相应的经济实力,工商注册资本金不少于800万元,净资产不少于960万元;
 
   (3) 近五年独立承担过单项合同额不少于1000万元的智能化工程(设计或施工或设计施工一体)不少于2项;

   (4)近三年每年工程结算收入不少于1200万元。
 
    2、技术条件

   (1)企业技术负责人具有不少于8年从事建筑智能化工程经历,并主持完成单项合同额不少于1000万元的建筑智能化工程(设计或施工或设计施工一体)不少于2项,具备注册电气工程师执业资格或高级工程类专业技术职称;
 
   (2)企业具有从事建筑智能化工程的中级及以上工程类职称的专业技术人员不少于20名。其中,自动化、通信信息、计算机专业技术人员分别不少于2名,注册电气工程师不少于2名,一级注册建造师(一级项目经理)不少于2名;
 
   (3)企业专业技术人员均具有完成不少于2项建筑智能化工程(设计或施工或设计施工一体)业绩。

    3、技术装备及管理水平

   (1)有必要的技术装备及固定的工作场所;

   (2)具有完善的质量管理体系,运行良好。具备技术、安全、经营、人事、财务、档案等管理制度。

   (二)二级

    1、企业资信

   (1)具有独立企业法人资格;

   (2)具有良好的社会信誉并有相应的经济实力,工商注册资本金不少于300万元,净资产不少于360万元;

   (3)近五年独立承担过单项合同额不少于300万元的建筑智能化工程(设计或施工或设计施工一体)不少于2项;
 
   (4)近三年每年工程结算收入不少于600万元。

    2、技术条件

   (1)企业技术负责人具有不少于6年从事建筑智能化工程经历,并主持完成单项合同额不少于500万元的建筑智能化工程(设计或施工或设计施工一体)不少于1项,具备注册电气工程师执业资格或中级及以上工程类专业技术职称;
 
   (2)企业具有从事建筑智能化工程的中级及以上工程类职称的专业技术人员不少于10名,其中,自动化、通信信息、计算机专业人员分别不少于1人,注册电气工程师不少于2名,二级及以上注册建造师(项目经理)不少于2名;

   (3)企业专业技术人员均具有完成不少于2项建筑智能化工程(设计或施工或设计施工一体)业绩。

    3、技术装备及管理水平

   (1)有必要的技术装备及固定的工作场所;

   (2)具有完善的质量管理体系,运行良好。具备技术、安全、经营、人事、财务、档案等管理制度。
 
三、承担业务范围
 
   (一)取得建筑智能化工程设计与施工资质的企业,可从事各类建设工程中的建筑智能化项目的咨询、设计、施工和设计与施工一体化工程,还可承担相应工程的总承包、项目管理等业务;
 
    包括:
 
    1、综合布线及计算机网络系统工程;
 
    2、设备监控系统工程;
 
    3、安全防范系统工程;
 
    4、通信系统工程;
 
    5、灯光音响广播会议系统工程;
 
    6、智能卡系统工程;
 
    7、车库管理系统工程;
 
    8、物业管理综合信息系统工程;
 
    9、卫星及共用电视系统工程;
 
    10、信息显示发布系统工程;
 
    11、智能化系统机房工程;
 
    12、智能化系统集成工程;
 
    13、舞台设施系统工程;

   (二)取得一级资质的企业承担建筑智能化工程的规模不受限制;
 
   (三)取得二级资质的企业可承担单项合同额1200万元及以下的建筑智能化工程。
 
四、附则
 
   (一)企业申请二级资质晋升一级资质,应在近两年内无违法违规行为,无质量、安全责任事故;

   (二)取得《建筑智能化工程设计与施工资质证书》的单位,其原《建筑智能化系统工程设计和系统集成专项资质证书》、《建筑智能化专业承包资质证书》收回注销;
 
   (三)新设立企业只能申请二级,除对“企业资信”(2)中净资产以及(3)、(4)不作要求外,其他条件均应符合二级资质标准要求;

   (四)本标准由建设部负责解释;

   (五)本标准自二○○六年九月一日起施行。

暂无评论

HTML5 技巧和工具

发布者: Ted 分类: 笔记 在 2011/10/18 | 浏览: 118 次

0
Digg me

一、HTML5支持测试列表

在开始之前,你需要了解现代的浏览器以及移动平台对于HTML5的支持情况。

主流浏览器HTML5功能支持一览

移动平台HTML5支持一览

HTML5支持测试

HTML5演示

二、让HTML5元素可用

老版本的IE浏览器不能识别新的HTML元素。但是,可以使用一些JavaScript或CSS解决方案来弥补这个缺陷。

HTML5Shiv:此脚本可以使IE浏览器识别HTML5元素。

HTML5 Enabler:功能与HTML5Shiv类似。

Modernizr:它使得开发者可以在支持HTML5和CSS3的浏览器中充分利用HTML5和CSS3的特性进行开发,同时又不会牺牲其他不支持这些新技术的浏览器的控制。

HTML5 Reset:它提供了一组HTML、CSS文件,让你能够以最少的时间来启动一个新的项目。它使用modernizr来支持HTML5 和 CSS3。

三、浏览器插件

下面是一些JavaScript插件,可以弥补一些浏览器对HTML5的支持问题。

1. VideoJS

VideoJS是一个HTML5的视频播放器,可以在所有浏览器中使用,包括IE6和移动设备。对于不支持HTML5的浏览器则自动使用Flash播放器来播放。

2. AudioJS

HTML音频播放器。用来让HTML5 的 《audio》 标签可以在各种浏览器上使用,包括移动设备。

3. HTML5Widget

HTML5的表单模块,包括日历,调色板,滑动部件,客户端验证等。

4. Webforms2

HTML5 表单属性的支持,例如pattern、required和autofocus。

5. LimeJS

LimeJS是HTML5的游戏框架,用于为现代触摸设备和桌面浏览器创建快速、本地化的游戏。

6. FlexieJS

支持CSS3弹性盒子模型(Flexible Box Model)。

四、在线工具

此外,还有一些在线工具,可以帮助开发者加快HTML5项目的开发。

1. HTML5 Boilerplate

HTML5Boilerplate 是一个HTML / CSS /JS模板,是实现跨浏览器正常化、性能优化、稳定的可选功能如跨域Ajax和Flash的最佳实践。开发者称之为技巧集合,目的是满足你开发一个跨浏览器,并且面向未来的网站的需求。

2. Switch to HTML5

非常有用的在线工具,可以根据你的喜好生成HTML5文档结构。

3. Initializr

Initializr是一个HTML5模板生成器,以帮助你开始HTML5项目的开发 。它建立在HTML5 Boilerplate之上。

4. HTML5 Visual 速查表

5. HTML5 Canvas 速查表

6. HTML5 笔记

五、其他

你可以通过下面的链接来跟踪HTML5的更新。

HTML5追踪

你可以通过下面的链接获得HTML5网站的设计灵感。这个网站库中包含了大量的使用HTML5技术的网站。

HTML5Gallery

暂无评论

Dropbear 0.53.1 安装配置教程–CentOS

发布者: Ted 分类: 笔记 在 2011/09/22 | 浏览: 201 次

0
Digg me

一、安装之前需做两件事情:

1、如果你使用的openssh 的端口还是22的话,需要修改。
vi /etc/ssh/sshd_config
端口修改在配置文件前几行:
Port 2269
#Protocol 2,1

保存,重启:
service sshd restart

2、是安装必需包:
yum install zlib* gcc make

二、

1、接下来下载解压编译安装dropbear最新版:
wget http://matt.ucc.asn.au/dropbear/releases/dropbear-0.53.1.tar.gz
tar -xvzf dropbear-0.53.1.tar.gz
cd dropbear-0.53.1
./configure
make && make install

2、配置dropbear
生成Host key:

mkdir /etc/dropbear

/usr/local/bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key

/usr/local/bin/dropbearkey -t rsa -s 4096 -f /etc/dropbear/dropbear_rsa_host_key

配置好,启动Dropbear:

/usr/local/sbin/dropbear

设置成开机自动启动:

vi /etc/rc.local

在最后加一行:

/usr/local/sbin/dropbear

 

三 、dropbear的补充说明:

dropbear默认的安装路径是:/usr/local/sbin

Dropbear默认端口是22,如果想监听其它端口,执行:

/usr/local/sbin/dropbear –p 2222

更改默认监听的端口方法:

在编译dropbear之前,先执行(把2222换成您希望的端口即可):

sed -i ’s/22/2222/g’ options.h

如果还有问题,查看帮助:

/usr/local/sbin/dropbear -h

,

暂无评论

IE Conditional Comments

发布者: Ted 分类: 笔记 在 2011/08/05 | 浏览: 562 次

0
Digg me

One of the most common operations performed in a Web page is to detect the browser type and version. Browser detection is performed to ensure that the content presented to the browser is compatible and renders correctly. The browser type can be detected using many different techniques. Most methods of browser detection make use of script on the server or client.

This article introduces conditional comments, which offer certain advantages over scripted browser detection techniques. Conditional comments make it easy for developers to take advantage of the enhanced features offered by Microsoft Internet Explorer 5 and later versions, while writing pages that downgrade gracefully in less-capable browsers or display correctly in browsers other than Internet Explorer. Conditional comments are the preferred means of differentiating Cascading Style Sheets (CSS) rules intended for specific versions of Internet Explorer.

The following topics are discussed in this document.


Terminology

The following terms are used in this article.

Term
Description

expression
A combination of operators, features, and/or values used to form a conditional statement.

downlevel browser
Any browser except Internet Explorer 5 and later versions. For the purposes of this article, downlevel refers specifically to any browser or browser version that does not support conditional comments.

uplevel browser
Internet Explorer 5 and later versions, which support conditional comments.

downlevel-hidden
A conditional comment block that is ignored by downlevel browsers. Internet Explorer 5 and later versions render the HTML content if the expression evaluates to true.

downlevel-revealed
A conditional comment block that is parsed by downlevel browsers. Internet Explorer 5 and later versions also render the HTML content if the expression evaluates to true.

Benefits of Using Conditional Comments

Conditional comments have certain advantages over scripting methods of browser detection.

  • Low client-side impact.

    When a downlevel browser encounters a downlevel-hidden conditional comment, the browser skips over the HTML inside the comment, and the content elements are not parsed, downloaded, or rendered. This saves client machine resources.

  • No script required.

    Conditional comments do not require scripting and DHTML, and when no scripting is used in a Web page, no scripting engine needs to be loaded. Conditional comments are processed during the downloading and parsing phase, so only the content that is targeted for the browser is actually downloaded. Conditional comments can be combined freely with other browser detection techniques.

  • Separate code from detection logic.

    Using conditional comments, script logic can be separated into smaller and simpler segments of code, which are easier to maintain and understand. Plus, code segments are loaded only by the browser version for which they were intended.

  • Cross-browser.

    Conditional comments have been around since Internet Explorer 5, but their use is not restricted to Internet Explorer alone. Conditional comments can be used to customize content delivered to browsers that support conditional comments and those that do not.

Syntax of Conditional Comments

The basic syntax of each type of comment is shown in the following table. The first comment shown is the basic HTML Comment, which is included for the purpose of comparison and to illustrate the different syntax used by each type of conditional comment.

Comment type
Syntax or possible value

standard HTML comment
<!– Comment content –>

downlevel-hidden
<!–[if expression]> HTML <![endif]–>

downlevel-revealed
<![if expression]> HTML <![endif]>

The HTML shown inside the syntax block in each of the conditional comments denotes any block of HTML content, including script. Both types of conditional comment use a conditional expression to indicate whether the content inside the comment block should be parsed or ignored.

The conditional expression is formed from a combination of feature, operator, and/or value, depending on the feature. The following table shows the supported features and describes the values each feature supports.

Item
Example
Comment

IE
[if IE]
The string "IE" is a feature corresponding to the version of Internet Explorer used to view the Web page.

value
[if IE 7]
An integer or floating point numeral corresponding to the version of the browser. Returns a Boolean value of true if the version number matches the browser version. For more information, see Version Vectors.

WindowsEdition
[if WindowsEdition]
Internet Explorer 8 on Windows 7. The string "WindowsEdition" is a feature corresponding to the edition of Windows used to view the Web page.

value
[if WindowsEdition 1]
An integer corresponding to the edition of Windows used to view the Web page. Returns a Boolean value of true if the value matches the edition being used. For information about supported values and the editions they describe, see the pdwReturnedProductType parameter of the GetProductInfo function.

true
[if true]
Always evaluates to true.

false
[if false]
Always evaluates to false.

The following table describes the operators that can be used to create conditional expressions.

Item
Example
Comment

!
[if !IE]
The NOT operator. This is placed immediately in front of the feature, operator, or subexpression to reverse the Boolean meaning of the expression.

lt
[if lt IE 5.5]
The less-than operator. Returns true if the first argument is less than the second argument.

lte
[if lte IE 6]
The less-than or equal operator. Returns true if the first argument is less than or equal to the second argument.

gt
[if gt IE 5]
The greater-than operator. Returns true if the first argument is greater than the second argument.

gte
[if gte IE 7]
The greater-than or equal operator. Returns true if the first argument is greater than or equal to the second argument.

( )
[if !(IE 7)]
Subexpression operators. Used in conjunction with boolean operators to create more complex expressions.

&
[if (gt IE 5)&(lt IE 7)]
The AND operator. Returns true if all subexpressions evaluate to true

|
[if (IE 6)|(IE 7)]
The OR operator. Returns true if any of the subexpressions evaluates to true.

Downlevel-hidden Conditional Comments

The following sample shows a downlevel-hidden conditional comment, which contains a short paragraph of text.

<!--[if IE 8]>
<p>Welcome to Internet Explorer 8.</p>
<![endif]-->

The downlevel-hidden conditional comment contains hyphens ("–") in the opening and closing tag, similar to the basic HTML Comment. The condition appears in the opening portion of the tag, and [endif] is placed prior to the closing portion of the tag. The content is placed inside the comment tags.

Because the first four characters and the last three characters of the comment are identical to a basic HTML Comment element, downlevel browsers ignore the HTML content inside the comment block. Since content is effectively hidden from browsers that do not support conditional comments, this type of conditional comment is called downlevel-hidden.

If the result of the conditional expression is true, the content inside the comment block is parsed and rendered by Internet Explorer 5 and later versions. This behavior makes the downlevel-hidden conditional comment particularly useful for content that has been specifically designed for Internet Explorer.

The following sample illustrates how a client-side script block can be placed inside a conditional comment; in this case, a message is displayed in Internet Explorer 5 and later.

<!--[if gte IE 7]>
<SCRIPT LANGUAGE="javascript">
alert("Congratulations! You are running Internet Explorer 7 or greater.");
</SCRIPT>
<P>Thank you for closing the message box.</P>
<![endif]-->

Code example: http://samples.msdn.microsoft.com/workshop/samples/author/misc/ccdh01.htm

In the preceding example, only the major digit of the browser version is compared because it is the only digit specified in the conditional expression. To compare both major and minor version numbers, specify both digits. For further explanation and examples on specifying the browser’s version number, see Version Vectors.

Downlevel-revealed Conditional Comments

The downlevel-revealed conditional comment enables you to include content in browsers that do not recognize conditional comments. Although the conditional comment itself is ignored, the HTML content inside it is not. Internet Explorer 5 and later versions also parse and render the content if the conditional expression evaluates to true. The downlevel-revealed conditional comment complements the downlevel-hidden conditional comment.

The following snippet shows a typical downlevel-revealed conditional comment.

<![if lt IE 8]>
<p>Please upgrade to Internet Explorer version 8.</p>
<![endif]>

When comparing this type of comment to the basic HTML Comment, notice that there are no hyphens ("–") immediately after the opening "<!" or immediately before the closing ">" of the comment block; therefore, the comment delimiters are treated as unrecognized HTML. Because the browser does not recognize the downlevel-revealed conditional comment, it does nothing with it.

Version Vectors

Conditional expressions can be used to determine the version of the browser used to view a Web page or the edition of Windows used to run the browser. In both cases, the value of the expression is called a version vector and must be specified correctly to obtain the desired result.

When detecting the version of the browser, the major browser version is specified as integer. To check for a minor browser version, follow the version vector by a decimal point and four digits. For example, the version vector for the release build of Internet Explorer 5.5 is 5.5000.

In the following example, only the major version number is specified; therefore, the sample evaluates as true for both Internet Explorer 5 and Internet Explorer 5.5.

<!--[if IE 5]>
<p>Welcome to any incremental version of Internet Explorer 5!</p>
<![endif]-->

The following test correctly identifies Internet Explorer 5.

<!--[if IE 5.0000]>
<p>Welcome to Internet Explorer 5.0!</p>
<![endif]-->

Note Internet Explorer 5, which shipped with Windows 2000, has a version vector equal to 5.0002. Therefore, the conditional expression [if lte IE 5.0000] returns false when evaluated in the release build of Internet Explorer 5.

Internet Explorer 8 on Windows 7. When detecting the edition of Windows, the version vector is an integer corresponding to one of the values supported by the pdwReturnedProductType parameter of the GetProductInfo function. 

<!--[if WindowsVersion 1]>
<p>You are using Windows Ultimate Edition.</p>
<![endif]-->

Add-on developers can use custom version vectors to provide version information to Web pages. To define a custom version vector, add a REG_SZ value to the Version Vector Registry key. The name of the new key defines the feature value to use in a conditional comment, as shown in the following example.

HKEY_LOCAL_MACHINE

Software

Microsoft

Internet Explorer

Version Vector

Contoso = 0.9

The previous example uses a custom version vector to indicate that a pre-release version (0.9) of the fictional Contoso control is installed on a user’s computer. The following example shows how a conditional comment could use this information.

<!--[if lt Contoso 2]>
<p>Your version of the Contoso control is out of date; please update to the latest.</p>
<![endif]-->

Examples

Here are some more examples of conditional comments.

<!--[if IE]><p>You are using Internet Explorer.</p><![endif]-->
<![if !IE]><p>You are not using Internet Explorer.</p><![endif]>

<!--[if IE 7]><p>Welcome to Internet Explorer 7!</p><![endif]-->
<!--[if !(IE 7)]><p>You are not using version 7.</p><![endif]-->

<!--[if gte IE 7]><p>You are using IE 7 or greater.</p><![endif]-->
<!--[if (IE 5)]><p>You are using IE 5 (any version).</p><![endif]-->
<!--[if (gte IE 5.5)&(lt IE 7)]><p>You are using IE 5.5 or IE 6.</p><![endif]-->
<!--[if lt IE 5.5]><p>Please upgrade your version of Internet Explorer.</p><![endif]-->

<!--[if true]>You are using an <em>uplevel</em> browser.<![endif]-->
<![if false]>You are using a <em>downlevel</em> browser.<![endif]>

<!--[if true]><![if IE 7]><p>This nested comment is displayed in IE 7.</p><![endif]><![endif]-->

,

暂无评论

Windows XP 中创建自定义的默认用户配置文件

发布者: Ted 分类: 笔记 在 2011/07/22 | 浏览: 212 次

0
Digg me
  1. 以管理员的身份登录到计算机,然后创建一个本地用户帐户。
  2. 以管理员的身份注销,然后通过刚刚创建的本地用户帐户登录到计算机中。
    警告:如果您在以管理员身份登录时创建了自定义用户配置文件,将会导致权限问题。
  3. 对配置文件进行相应的自定义。例如,安装打印机并映射需要的驱动器。
  4. 以本地用户身份注销,然后以管理员身份重新登录。
  5. 因为该配置文件中有几个文件是隐藏的并且必须复制到新的自定义默认用户配置文件中,所以请打开“显示所有文件和文件夹”选项。为此,请按照下列步骤操作:
    1. 双击“我的电脑”,单击“工具”,然后单击“文件夹选项”。
    2. 在“查看”选项卡上的“高级设置”下,单击“显示所有文件和文件夹”,然后单击“确定”。
  6. 用自定义的默认用户配置文件替换当前的默认用户配置文件。为此,请按照下列步骤操作:
    1. 在“控制面板”中,双击“系统”。
    2. 在“系统属性”对话框中,单击“高级”选项卡。
    3. 在“用户配置文件”下,单击“设置”。
    4. 在“用户配置文件”对话框中,单击刚刚创建的用户配置文件,然后单击“复制到”。
    5. 在“复制到”对话框中,在“将配置文件复制到”下,单击“浏览”,单击“C:\Documents and Settings\Default User”文件夹,然后单击“确定”。
    6. 在“允许使用”下,单击“更改”,单击“Everyone”,然后单击“确定”。如果“Everyone”不可用,请单击“高级”,单击“开始查找”,单击“Everyone”,然后单击“确定”。

暂无评论