DBCC CHECKIDENT can reset the identity value of the table. For example, YourTable has 10 rows with 10 as the last identity. If we want the next record to have the identity of 25, we need to run the following TSQL script in Query Analyzer.
DBCC CHECKIDENT (yourtable, reseed, 24)
If yourtable has to start with an identity of 1, the table should be reseeded with an identity of 0. If the identity seed is set below the values that are currently in the table, it will violate the uniqueness constraint and will generate error.
Tuesday, 20 September 2011
How to search Stored Procedures in SQL Server
The following stored procedure will list all stored procedure names whose text contains the parameter search string:
CREATE PROCEDURE Find_Text_In_SP
@StringToSearch varchar(100)
AS
SET @StringToSearch = '%' +@StringToSearch + '%'
SELECT Distinct SO.Name
FROM sysobjects SO (NOLOCK)
INNER JOIN syscomments SC (NOLOCK) on SO.Id = SC.ID
AND SO.Type = 'P'
AND SC.Text LIKE @stringtosearch
ORDER BY SO.Name
GO
The following stored procedure list all stored procedure names whose text contains the parameter search string:
CREATE PROCEDURE Find_SPName_With_Text
@StringToSearch varchar(100)
AS
SET @StringToSearch = '%' + @StringToSearch + '%'
SELECT DISTINCT SO.NAME
FROM SYSOBJECTS SO (NOLOCK)
WHERE SO.TYPE = 'P'
AND SO.NAME LIKE @StringToSearch
ORDER BY SO.Name
GO
CREATE PROCEDURE Find_Text_In_SP
@StringToSearch varchar(100)
AS
SET @StringToSearch = '%' +@StringToSearch + '%'
SELECT Distinct SO.Name
FROM sysobjects SO (NOLOCK)
INNER JOIN syscomments SC (NOLOCK) on SO.Id = SC.ID
AND SO.Type = 'P'
AND SC.Text LIKE @stringtosearch
ORDER BY SO.Name
GO
The following stored procedure list all stored procedure names whose text contains the parameter search string:
CREATE PROCEDURE Find_SPName_With_Text
@StringToSearch varchar(100)
AS
SET @StringToSearch = '%' + @StringToSearch + '%'
SELECT DISTINCT SO.NAME
FROM SYSOBJECTS SO (NOLOCK)
WHERE SO.TYPE = 'P'
AND SO.NAME LIKE @StringToSearch
ORDER BY SO.Name
GO
Monday, 19 September 2011
How to configure Remote Desktop to use SSL
Prerequisites
By default, Terminal Server uses native RDP encryption and does not authenticate the server. To use SSL for server authentication and to encrypt terminal server communications, you must configure both the server computer and the client computer correctly.
Server prerequisites
For SSL authentication to work correctly, your terminal server must meet both the following requirements:
• Your terminal server must be running Windows Server 2003 SP1 or above.
• You must obtain a certificate for your terminal server.
Client prerequisites
The client computer must be upgraded to use the RDP 5.2 client program. The RDP 5.2 client program is included with Windows Server 2003 SP1. You can install this client-side Remote Desktop Connection package by using the %SYSTEMROOT%\System32\Clients\Tsclient\Win32\Msrdpcli.msi file.
Server: Configure SSL authentication and encryption
To configure SSL authentication and encryption on the server, follow these steps:
1.Start the Terminal Services Configuration tool. To do this, click Start, point to Administrative Tools, and then click Terminal Services Configuration.
2.In the left pane, click Connections.
3.In the right pane, right-click the connection that you want to configure, and then click Properties.
4.On the General tab, click Edit next to Certificate.
5.In the Select Certificate dialog box, click the certificate that you want to use.
NoteServer Authentication must appear in the Intended Purpose column for this certificate. Additionally, this certificate must be an X.509 certificate with a corresponding private key. To determine whether the certificate has a private key, click View Certificate. The following message text appears at the bottom of the certificate information:
You have a private key that corresponds to this certificate.
Click OK.
6.Click OK.
7.In the Security layer list, click one of the following options:◦Negotiate: This security method uses TLS 1.0 to authenticate the server if TLS is supported. If TLS is not supported, the server is not authenticated.
◦RDP Security Layer: This security method uses Remote Desktop Protocol encryption to help secure communications between the client computer and the server. If you select this setting, the server is not authenticated.
◦SSL: This security method requires TLS 1.0 to authenticate the server. If TLS is not supported, you cannot establish a connection to the server. This method is only available if you select a valid certificate.
Note If you click Negotiate or SSL in the Security layer list, you must also configure one of the following:◦Set the encryption level to High.
◦Configure FIPS-compliant encryption.
8.In the Encryption level list, click one of the following options:
◦FIPS Compliant: If you use this setting, or if you set the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing option by using Group Policy, data is encrypted and decrypted between the client computer and the server that has FIPS 140-1 encryption algorithms by using Microsoft cryptographic modules.
◦High If you use this setting, data that is sent between the client computer and the server is encrypted by using 128-bit encryption.
◦Client Compatible If you use this setting, data that is sent between the client computer and then server is encrypted by using the maximum key strength that is supported by the client computer.
◦Low If you use this setting, data that is sent between the client computer and the server is encrypted by using 56-bit encryption.
Note This option is not available when you click SSL in the Security layer list.
9.Click to select the Use standard Windows logon interface check box to specify that users log on to the terminal server by typing their credentials in the default Windows logon dialog box.
10.Click OK.
Client: Configure SSL authentication and encryption
1.Start Remote Desktop Connection.
2.Click Options, and then click the Security tab.
Note The Security tab appears if you install the Windows Server 2003 SP1 version of Remote Desktop Connection.
3.In the Authentication list, click one of the following options:
◦No authentication: This is the default option. If you select this option, the terminal server is not authenticated.
◦Attempt authentication: If you select this option, and if TLS is supported and correctly configured, TLS 1.0 is used to authenticate the terminal server.
If you click Attempt authentication, you can choose to continue your Terminal Services connection without TLS authentication if one of the following authentication errors occur:
■The server certificate is expired.
■The server certificate is not issued by a trusted root Certification Authority.
■The name in the certificate does not match the name of the client computer.
Other authentication errors cause the Terminal Services connection to fail.
4.Require authentication: If you click this option, TLS is required to authenticate the terminal server. If TLS is not supported, or if TLS is not correctly configured, the connection attempt is not successful. This option is only available for client computers that connect to terminal servers that are running Windows Server 2003 SP1.
By default, Terminal Server uses native RDP encryption and does not authenticate the server. To use SSL for server authentication and to encrypt terminal server communications, you must configure both the server computer and the client computer correctly.
Server prerequisites
For SSL authentication to work correctly, your terminal server must meet both the following requirements:
• Your terminal server must be running Windows Server 2003 SP1 or above.
• You must obtain a certificate for your terminal server.
Client prerequisites
The client computer must be upgraded to use the RDP 5.2 client program. The RDP 5.2 client program is included with Windows Server 2003 SP1. You can install this client-side Remote Desktop Connection package by using the %SYSTEMROOT%\System32\Clients\Tsclient\Win32\Msrdpcli.msi file.
Server: Configure SSL authentication and encryption
To configure SSL authentication and encryption on the server, follow these steps:
1.Start the Terminal Services Configuration tool. To do this, click Start, point to Administrative Tools, and then click Terminal Services Configuration.
2.In the left pane, click Connections.
3.In the right pane, right-click the connection that you want to configure, and then click Properties.
4.On the General tab, click Edit next to Certificate.
5.In the Select Certificate dialog box, click the certificate that you want to use.
NoteServer Authentication must appear in the Intended Purpose column for this certificate. Additionally, this certificate must be an X.509 certificate with a corresponding private key. To determine whether the certificate has a private key, click View Certificate. The following message text appears at the bottom of the certificate information:
You have a private key that corresponds to this certificate.
Click OK.
6.Click OK.
7.In the Security layer list, click one of the following options:◦Negotiate: This security method uses TLS 1.0 to authenticate the server if TLS is supported. If TLS is not supported, the server is not authenticated.
◦RDP Security Layer: This security method uses Remote Desktop Protocol encryption to help secure communications between the client computer and the server. If you select this setting, the server is not authenticated.
◦SSL: This security method requires TLS 1.0 to authenticate the server. If TLS is not supported, you cannot establish a connection to the server. This method is only available if you select a valid certificate.
Note If you click Negotiate or SSL in the Security layer list, you must also configure one of the following:◦Set the encryption level to High.
◦Configure FIPS-compliant encryption.
8.In the Encryption level list, click one of the following options:
◦FIPS Compliant: If you use this setting, or if you set the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing option by using Group Policy, data is encrypted and decrypted between the client computer and the server that has FIPS 140-1 encryption algorithms by using Microsoft cryptographic modules.
◦High If you use this setting, data that is sent between the client computer and the server is encrypted by using 128-bit encryption.
◦Client Compatible If you use this setting, data that is sent between the client computer and then server is encrypted by using the maximum key strength that is supported by the client computer.
◦Low If you use this setting, data that is sent between the client computer and the server is encrypted by using 56-bit encryption.
Note This option is not available when you click SSL in the Security layer list.
9.Click to select the Use standard Windows logon interface check box to specify that users log on to the terminal server by typing their credentials in the default Windows logon dialog box.
10.Click OK.
Client: Configure SSL authentication and encryption
1.Start Remote Desktop Connection.
2.Click Options, and then click the Security tab.
Note The Security tab appears if you install the Windows Server 2003 SP1 version of Remote Desktop Connection.
3.In the Authentication list, click one of the following options:
◦No authentication: This is the default option. If you select this option, the terminal server is not authenticated.
◦Attempt authentication: If you select this option, and if TLS is supported and correctly configured, TLS 1.0 is used to authenticate the terminal server.
If you click Attempt authentication, you can choose to continue your Terminal Services connection without TLS authentication if one of the following authentication errors occur:
■The server certificate is expired.
■The server certificate is not issued by a trusted root Certification Authority.
■The name in the certificate does not match the name of the client computer.
Other authentication errors cause the Terminal Services connection to fail.
4.Require authentication: If you click this option, TLS is required to authenticate the terminal server. If TLS is not supported, or if TLS is not correctly configured, the connection attempt is not successful. This option is only available for client computers that connect to terminal servers that are running Windows Server 2003 SP1.
How to disable PCT 1.0 and SSL 2.0 in IIS
IIS stores information about different security-enhanced channel protocols in the following registry key:
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols
Typically, this key contains the following subkeys:
• PCT 1.0
• SSL 2.0
• SSL 3.0
• TLS 1.0
To disable a protocol, create a new DWORD value in the server subkey of the protocol. Set the DWORD value to "00 00 00 00". Reboot the server for changes to take effect.
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols
Typically, this key contains the following subkeys:
• PCT 1.0
• SSL 2.0
• SSL 3.0
• TLS 1.0
To disable a protocol, create a new DWORD value in the server subkey of the protocol. Set the DWORD value to "00 00 00 00". Reboot the server for changes to take effect.
Wednesday, 14 September 2011
Passive FTP
Passive FTP mode is used by some newer FTP servers on the Internet to better work with firewalls. Microsoft Internet Explorer includes a setting for Passive FTP (sometimes called "PASV") mode. You may need to either enable or disable this setting to allow Internet Explorer to work as an FTP client with a given FTP server. Follow these instructions to make it happen:
1. Open Internet Explorer from the Start Menu or command line.
2. On the Internet Explorer menu, click Tools to open the Tools menu.
3. On the Tools menu, click Internet Options... . A new Internet Options window will appear on the screen.
4. In the Internet Options window, click the Advanced tab.
5. First, find the setting called Enable folder view for FTP sites (located near the top of the list of settings). Ensure this feature is disabled (unchecked). Passive FTP mode in Internet Explorer will not work unless this feature is disabled.
6. Next, find the setting called Use Passive FTP (located approximately halfway down in the list of settings).
7. To enable the Passive FTP feature, set the checkmark in the box next to the Use Passive FTP setting. To disable the feature, clear the checkmark. Alternately set and clear the checkmark by clicking once inside the checkbox.
8. Click OK or Apply to save the Passive FTP setting.
1. Open Internet Explorer from the Start Menu or command line.
2. On the Internet Explorer menu, click Tools to open the Tools menu.
3. On the Tools menu, click Internet Options... . A new Internet Options window will appear on the screen.
4. In the Internet Options window, click the Advanced tab.
5. First, find the setting called Enable folder view for FTP sites (located near the top of the list of settings). Ensure this feature is disabled (unchecked). Passive FTP mode in Internet Explorer will not work unless this feature is disabled.
6. Next, find the setting called Use Passive FTP (located approximately halfway down in the list of settings).
7. To enable the Passive FTP feature, set the checkmark in the box next to the Use Passive FTP setting. To disable the feature, clear the checkmark. Alternately set and clear the checkmark by clicking once inside the checkbox.
8. Click OK or Apply to save the Passive FTP setting.
Subscribe to:
Posts (Atom)