远程桌面发生身份验证错误,要求的函数不受支持

远程桌面发生身份验证错误,要求的函数不受支持
An authentication error has occurred. The function requested is not supported.
Windows 7 (win7)远程登录服务器以前都是正常的,今天登录远程桌面一直是这样的错误。
Windows 10 (win10)出现身份验证错误,要求的函数不正确,这可能是由于CredSSP加密Oracle修正。

方法1:卸载更新
卸载更新KB4103718(适用于基于 x64 的系统的 Windows 7 月度安全质量汇总),重启Windows 7即可正常登录。

方法2:使用微软官方建议修改本地组策略(命令提示符输入gpedit.msc打开本地组策略)
计算机配置>管理模板>系统>凭据分配>加密Oracle修正 选择启用并选择易受攻击。(易受攻击– 使用 CredSSP 的客户端应用程序将通过支持回退到不安全的版本使远程服务器遭受攻击,但使用 CredSSP 的服务将接受未修补的客户端。)
english version
Group Policy -> Computer Configuration -> Administrative Templates -> System -> Credentials Delegation> Encrypted Oracle Remediation change to Vulnerable (Vulnerable – Client applications that use CredSSP will expose the remote servers to attacks by supporting fallback to insecure versions, and services that use CredSSP will accept unpatched clients.)

https://support.microsoft.com/zh-cn/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018
https://support.microsoft.com/en-hk/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

如何在IIS 7,7.5,8.0,8.5和ASP.NET中删除HTTP响应标头

如何在IIS 7,7.5,8.0,8.5和ASP.NET中删除HTTP响应标头,修改或隐藏IIS 7,7.5,8.0,8.5的Server头信息。
How to remove HTTP response headers in IIS 7, 7.5, 8.0, 8.5, and ASP.NET.

1、使用url-rewrite规则,先安装http://www.iis.net/downloads/microsoft/url-rewrite
2、把下面复制到web.config

<rewrite>    
  <outboundRules rewriteBeforeCache="true">
    <rule name="Remove Server header">
      <match serverVariable="RESPONSE_Server" pattern=".+" />
      <action type="Rewrite" value="Apache" />
    </rule>
  </outboundRules>
</rewrite>

3、重启IIS

或者使用UrlScan 3.1
https://www.iis.net/downloads/microsoft/urlscan
UrlScan 3.1是一种安全工具,可以限制IIS将处理的HTTP请求类型。 通过阻止特定的HTTP请求,UrlScan 3.1安全工具有助于防止可能有害的请求到达服务器上的应用程序。

全局配置文件
C:\Windows\System32\inetsrv\urlscan\UrlScan.ini

RemoveServerHeader=0 改成1以后不显示Server
AlternateServerName= 如果RemoveServerHeader=0可以自己定义

Windows下MySQL-5.7.20绿色免安装版配置与使用

Windows下MySQL-5.7.20绿色免安装版配置与使用
MySQL-5.7.20绿解压缩版(免安装)安装配置教程

下载地址
https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.20-winx64.zip
https://cdn.mysql.com//Downloads/MySQL-5.7/mysql-5.7.20-winx64.zip

1、添加环境变量
新建系统变量 MYSQL_HOME ,并配置变量值为 C:\mysql-5.7.20-winx64 ;
编辑用户变量 Path ,将%MYSQL_HOME%\bin 追加到 Path 变量值后面。注意不是覆盖。

2、将my-default.ini名称改为:my.ini
下面是参数配置
[mysql]
default-character-set = utf8mb4
[mysqld]
basedir=C:\mysql-5.7.20-winx64
datadir=C:\mysql-5.7.20-winx64\data
bind-address = 0.0.0.0
server-id = 1
init-connect = 'SET NAMES utf8mb4'
character-set-server = utf8mb4

max_connections = 1000
max_connect_errors = 6000
open_files_limit = 65535
table_open_cache = 128
max_allowed_packet = 4M
binlog_cache_size = 1M
max_heap_table_size = 8M
tmp_table_size = 16M

read_buffer_size = 2M
read_rnd_buffer_size = 8M
sort_buffer_size = 8M
join_buffer_size = 8M
key_buffer_size = 4M

thread_cache_size = 8

query_cache_type = 1
query_cache_size = 8M
query_cache_limit = 2M
ft_min_word_len = 4
log_bin = mysql-bin
binlog_format = mixed
expire_logs_days = 30

log_error = C:\mysql-5.7.20-winx64\data\mysql-error.log
slow_query_log = 1
long_query_time = 1
slow_query_log_file = C:\mysql-5.7.20-winx64\data\mysql-slow.log
performance_schema = 0
explicit_defaults_for_timestamp

#lower_case_table_names = 1

skip-external-locking

default_storage_engine = InnoDB
innodb_file_per_table = 1
innodb_open_files = 500
innodb_buffer_pool_size = 64M
innodb_write_io_threads = 4
innodb_read_io_threads = 4
innodb_thread_concurrency = 0
innodb_purge_threads = 1
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 2M
innodb_log_file_size = 32M
innodb_log_files_in_group = 3
innodb_max_dirty_pages_pct = 90
innodb_lock_wait_timeout = 120

bulk_insert_buffer_size = 8M
myisam_sort_buffer_size = 8M
myisam_max_sort_file_size = 10G
myisam_repair_threads = 1

interactive_timeout = 28800
wait_timeout = 28800

3、 安装mysql服务
MySQL-5.7.20提示msvcr120.dll丢失,需要安装vc2015,下载地址https://www.microsoft.com/en-us/download/details.aspx?id=48145

管理员身份在命令提示符下运行
C:\>cd mysql-5.7.20-winx64
C:\mysql-5.7.20-winx64>cd bin
C:\mysql-5.7.20-winx64\bin>mysqld -install MySQL --defaults-file="C:\mysql-5.7.20-winx64\my.ini"

4、初始化MySQL-5.7.20
data文件夹不为空是不能执行这个命令的。密码可以去进入data文件,打开一个.err结尾的文件查看,如果设置了errorlog那么在mysql-error.log查看密码
C:\mysql-5.7.20-winx64\bin>mysqld --initialize 自动生成带随机密码的root用户
C:\mysql-5.7.20-winx64\bin>mysqld --initialize-insecure 自动生成无密码的root用户

5、启动MySQL服务器,在命令提示符中运行命令:net start MySQL。
C:\mysql-5.7.20-winx64\bin>net start mysql
MySQL 服务正在启动 .
MySQL 服务已经启动成功。

6、修改密码
命令如下:
mysql -uroot -p
ALTER USER 'root'@'localhost' IDENTIFIED BY 'z123456789';

或者
C:\mysql-5.7.20-winx64\bin>mysqladmin -uroot -p password
Enter password:
New password:
Confirm new password:

7、卸载MySQL服务
在命令提示符下进入到C:\mysql-5.7.20-winx64\bin>输入"mysqld -remove"或者"sc delete mysql"执行卸载服务
C:\mysql-5.7.20-winx64\bin>mysqld -remove
Failed to remove the service because the service is running
Stop the service and try again

先要停止MYSQL
net stop mysql

Linux CentOS6 挂载使用 Windows Server 2012 R2 的 WebDAV

Linux CentOS6 挂载使用 Windows Server 2012 R2 的 WebDAV
CentOS6 挂载使用 Windows Server 2012 R2 的 WebDAV
Windows Server 2012 R2 安装 WebDAV
http://www.ibm.com/support/knowledgecenter/SSEP7J_10.2.1/com.ibm.swg.ba.cognos.c8pp_inst.10.2.1.doc/t_enablewebdavoniis.html
https://www.iis.net/configreference/system.webserver/webdav
https://www.iis.net/learn/install/installing-publishing-technologies/installing-and-configuring-webdav-on-iis


yum -y install gcc gcc-c++ wget openssl-devel
wget -c http://www.webdav.org/neon/neon-0.30.2.tar.gz #neon is an HTTP and WebDAV client library, with a C interface. Features:
tar zxf neon-0.30.2.tar.gz
cd neon-0.30.2
./configure --with-ssl
make && make install
wget -c http://download.savannah.gnu.org/releases/davfs2/davfs2-1.5.0.tar.gz
#http://download-mirror.savannah.gnu.org/releases/davfs2/davfs2-1.5.4.tar.gz 更高的版本需要gcc4.9
tar zxf davfs2-1.5.0.tar.gz
cd davfs2-1.5.0
./configure
make && make install
useradd davfs2

yum -y install davfs2
mkdir /root/www.zhangfangzhou.cn
mount.davfs 122.114.250.255 /root/www.zhangfangzhou.cn

可以调整一下参数做系统自动挂载,免去每次手动操作。
第一步:使用sed命令修改系统设置
sed -i 's/# use_locks 1/use_locks 0/g' /etc/davfs2/davfs2.conf

第二步:将WebDAV发布地址以及账号密码写入配置文件
echo "122.114.250.255 账户 密码" > /etc/davfs2/secrets

第三步:加入系统自动启动
echo "mount.davfs 122.114.250.255 /root/www.zhangfangzhou.cn" >> /etc/rc.local
最后reboot系统测试一下吧。

向Windows Server 2016系统添加virtio驱动教程

Virtio 是 KVM 虚拟环境下针对 I/O 虚拟化的最主要的一个通用框架。
向Windows Server 2016系统添加virtio(Virtio)驱动,集成virtio驱动的Windows Server 2016的ISO镜像,在Vultr测试通过。
dism
向Windows Server 2016添加VirtIO驱动教程 集成virtio驱动的Windows Server 2016
步骤
1、安装软碟通(UltraISO)和Haozip, Haozip附带的虚拟光驱也要装上
2、安装ADK部署工具 https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit
3、加载系统镜像cn_windows_server_2016_x64_dvd_9327743.iso到虚拟光驱
4、将boot.wim和install.wim发送到C盘
5、在C盘创建文件夹mount,将驱动解压到C盘virtio

6、以管理员权限运行”Windows PowerShell”或”Command”进入WAIK目录使用DISM (部署映像服务和管理)
C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools

查看wim文件包含的版本个数
dism /get-wiminfo /wimfile:C:/boot.wim 2
dism /get-wiminfo /wimfile:C:/install.wim 4

PS C:\Program Files\Windows AIK\Tools\PETools> dism /get-wiminfo /wimfile:C:/install.wim
索引: 1
名称: Windows Server 2016 Standard
描述: 此选项(推荐使用)仅安装运行大多数服务器角色和应用程序所需的内容,从而减少了
管理和维护工作量。它不包括 GUI,但你可以使用 Windows PowerShell 或其他工具通过本
地或远程方式完全管理服务器。有关更多详细信息,请参阅“Windows Server 安装选项”

大小: 9,615,846,310 个字节

索引: 2
名称: Windows Server 2016 Standard (桌面体验)
描述: 当需要 GUI 时,此选项很有用(例如,为无法在服务器核心安装上运行的应用程序提
供向后兼容性)。支持所有服务器角色和功能。有关更多详细信息,请参阅“Windows Serve
r 安装选项”。
大小: 15,599,232,154 个字节

索引: 3
名称: Windows Server 2016 Datacenter
描述: 此选项(推荐使用)仅安装运行大多数服务器角色和应用程序所需的内容,从而减少了
管理和维护工作量。它不包括 GUI,但你可以使用 Windows PowerShell 或其他工具通过本
地或远程方式完全管理服务器。有关更多详细信息,请参阅“Windows Server 安装选项”

大小: 9,617,008,508 个字节

索引: 4
名称: Windows Server 2016 Datacenter (桌面体验)
描述: 当需要 GUI 时,此选项很有用(例如,为无法在服务器核心安装上运行的应用程序提
供向后兼容性)。支持所有服务器角色和功能。有关更多详细信息,请参阅“Windows Serve
r 安装选项”。
大小: 15,595,966,258 个字节

7、添加virtio驱动到install.wim
dism /mount-wim /wimfile:C:/install.wim /index:1 /mountdir:C:/mount 挂载install.wim映像第一个索引
添加驱动
dism /mount-wim /wimfile:C:/install.wim /index:1 /mountdir:C:/mount
dism /image:C:\mount /add-driver /driver:C:\virtio\NetKVM\2k16\amd64\netkvm.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\vioscsi\2k16\amd64\vioscsi.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\viostor\2k16\amd64\viostor.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\viorng\2k16\amd64\viorng.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\vioserial\2k16\amd64\vioser.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\Balloon\2k16\amd64\balloon.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\qxldod\2k16\amd64\qxldod.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\pvpanic\2k16\amd64\pvpanic.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\qemupciserial\2k16\amd64\qemupciserial.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\qemufwcfg\2k16\amd64\qemufwcfg.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\vioinput\2k16\amd64\vioinput.inf
Dism /Image:C:\mount /Add-Package /PackagePath:E:\HOTFIX #添加补丁文件
dism /image:C:\mount /get-drivers #获取添加的驱动信息
dism /unmount-wim /mountdir:C:/mount /commit #卸载

添加virtio驱动后查看一下安装信息,查看是否添加到映像里面。如果驱动没经过微软认证的话,记得在添加驱动那一步结尾加上”/forceunsigned”参数
dism /image:C:\mount /get-drivers

dism /unmount-wim /mountdir:C:/mount /commit 卸载映像

第二个索引
dism /mount-wim /wimfile:C:/install.wim /index:2 /mountdir:C:/mount 挂载install.wim映像第二个索引
....
....
第三个索引
dism /mount-wim /wimfile:C:/install.wim /index:3 /mountdir:C:/mount 挂载install.wim映像第三个索引
....
....
第四个索引
dism /mount-wim /wimfile:C:/install.wim /index:4 /mountdir:C:/mount 挂载install.wim映像第四个索引
....
....
7、添加virtio驱动到boot.wim
dism /get-wiminfo /wimfile:C:/boot.wim
部署映像服务和管理工具
版本: 10.0.14393.0

映像的详细信息: C:/boot.wim

索引: 1
名称: Microsoft Windows PE (x64)
描述: Microsoft Windows PE (x64)
大小: 1,745,492,664 个字节

索引: 2
名称: Microsoft Windows Setup (x64)
描述: Microsoft Windows Setup (x64)
大小: 1,863,239,432 个字节

dism /mount-wim /wimfile:C:/boot.wim /index:1-2 /mountdir:C:/mount
dism /image:C:\mount /add-driver /driver:C:\virtio\NetKVM\2k16\amd64\netkvm.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\vioscsi\2k16\amd64\vioscsi.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\viostor\2k16\amd64\viostor.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\viorng\2k16\amd64\viorng.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\vioserial\2k16\amd64\vioser.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\Balloon\2k16\amd64\balloon.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\qxldod\2k16\amd64\qxldod.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\pvpanic\2k16\amd64\pvpanic.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\qemupciserial\2k16\amd64\qemupciserial.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\qemufwcfg\2k16\amd64\qemufwcfg.inf
dism /image:C:\mount /add-driver /driver:C:\virtio\vioinput\2k16\amd64\vioinput.inf
Dism /Image:C:\mount /Add-Package /PackagePath:E:\HOTFIX #添加补丁文件
dism /image:C:\mount /get-drivers #获取添加的驱动信息
dism /unmount-wim /mountdir:C:/mount /commit #卸载
----------------------------------------
NetKVM/: Virtio Network driver
viostor/: Virtio Block driver
vioscsi/: Virtio SCSI driver
viorng/: Virtio RNG driver
vioser/: Virtio serial driver
Balloon/: Virtio Memory Balloon driver
qxl/: QXL graphics driver for Windows 7 and earlier. (build virtio-win-0.1.103-1 and later)
qxldod/: QXL graphics driver for Windows 8 and later. (build virtio-win-0.1.103-2 and later)
pvpanic/: QEMU pvpanic device driver (build virtio-win-0.1.103-2 and later)
guest-agent/: QEMU Guest Agent 32bit and 64bit MSI installers
qemupciserial/: QEMU PCI serial device driver
*.vfd: VFD floppy images for using during install of Windows XP
-----------------------------------------------------------------------------------
添加virtio驱动脚本(未测试)

@echo off
set bootvar=0
set /p bootwimpath=请输入wim文件完整路径例如(D:\boot.wim):
set /p installlwimpath=请输入wim文件完整路径例如(D:\install.wim):
set /p temppath=请输入临时目录完整路径确保文件夹为空(例如:D:\temp):
set /p driverpath=请输入要加入的驱动路径(例如:D:\win2008r2):
dism /get-wiminfo /wimfile:%bootwimpath%
set /p bootcount=请输入当前boot.wim文件所包含的版本个数:
dism /get-wiminfo /wimfile:%installlwimpath%
set /p installcount=请输入当前install.wim文件所包含的版本个数:
rem ************循环开始了
:bootcontinue
set /a bootvar+=1
echo boot.wim第%bootvar%次循环 >>dism.log
echo ====================================================================================== >>dism.log
echo 为boot.wim加载驱动 >> dism.log
dism /mount-wim /wimfile:%bootwimpath% /index:%bootvar% /mountdir:%temppath% >>dism.log
dism /image:%temppath% /add-driver /driver:%driverpath% /recurse /forceunsigned >>dism.log
dism /unmount-wim /mountdir:%temppath% /commit >>dism.log
echo 等待5s准备导入下一版本,如需取消请立即按Ctrl+C >>dism.log
rem 等待10秒 ping本机10次不使用默认的次数,nul是不显示ping信息:
@ping -n 5 127.1>nul
if %bootvar% lss %bootcount% goto bootcontinue
rem ************循环结束了
echo boot.wim循环执行完毕 >>dism.log

set varinstall=0
rem ************循环开始了
:installcontinue
set /a varinstall+=1
echo install.wim第%varinstall%次循环 >>dism.log
echo ====================================================================================== >>dism.log
dism /mount-wim /wimfile:%installlwimpath% /index:%varinstall% /mountdir:%temppath% >>dism.log
dism /image:%temppath% /add-driver /driver:%driverpath% /recurse /forceunsigned >>dism.log
dism /unmount-wim /mountdir:%temppath% /commit >>dism.log
echo 等待5s准备导入下一版本,如需取消请立即按Ctrl+C >>dism.log
rem 等待10秒 ping本机10次不使用默认的次数,nul是不显示ping信息:
@ping -n 5 127.1>nul
if %varinstall% lss %installcount% goto installcontinue
rem ************循环结束了
echo install.wim循环执行完毕 >>dism.log
pause
在D:根目录创建一个test.bat文件,将上面脚本拷入文件中,执行脚本,输入所需路径参数 ,boot.wim版本数为2
-----------------------------------------------------------------------------------

8、封装处理
使用UltraISO, 打开cn_windows_server_2016_x64_dvd_9327743.iso将镜像里的boot.wim和install.wim删除(路径:/sources),
再将刚开始从镜像里提取到c盘的boot.wim和install.wim添加进去,然后保存即可。

Haozip http://haozip.com/
Windows 10 (Windows Server 2016) ADK https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit
virtio驱动下载地址 https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso
virtio驱动相关说明 http://pve.proxmox.com/wiki/Windows_VirtIO_Drivers
DISM – 部署映像服务和管理 (DISM) 技术参考 http://technet.microsoft.com/zh-cn/library/hh824821.aspx

集成virtio驱动的Windows Server 2016的ISO镜像 http://arv.asuhu.com/cn_windows_server_2016_vl_x64_dvd_11636695_vitio_20180415.iso
集成virtio驱动的Windows 10 的ISO镜像 http://arv.asuhu.com/cn_windows_10_multi-edition_vl_version_1709_updated_dec_2017_x64_dvd_100406208_virtio_20180202.iso

IIS7.5、IIS8、IIS8.5文件上传大小限制30M修改方法


IIS7.5、IIS8、IIS8.5文件上传大小限制30M修改方法

虽然可以直接更改配置文件,即C:\Windows\System32\inetsrv\config\schema\下的IIS_schema.xml文件,但是考虑到安全等问题,而且这个文件默认是只读的,所以不建议直接修改这

个配置文件。
而应该在iis的管理器里修改:打开某一个网站或者点击根节点,在最下方的“管理”部分,选择“配置编辑器”然后找到节点system.webServer/security/requestFiltering将里面的

requestlimits下的maxAllowedContentLength的值(原本为30000000,即30M)修改为1024000000,即1G即可,这样修改直接就能生效,无需重启iis或者服务器。


IIS30M