My Own Virtual World
I actually intended on writing a small paragraph on Microsoft Excel’s conditional formatting that hopefully I’ll get to at some other time. The reason for the shift is due to today being one of the more exciting days I’ve had in a while. I’m not sure how many others can appreciate why, but here goes:: I received the much anticipated copy of Microsoft Virtual PC 2004.
I tried explaining my outwardly expressive excitement to a relative and their direct response, ‘You’re a nerd!’ I am not certain how I should have taken that, but being a bit defensive; I went ahead and denied it profusely. Should I have a bit of resentment towards that comment?
Immediately following my repudiation, I continue along like I was a kid in a candy store. For those that aren’t fully aware of what this program does, it basically, allows you to run many virtual machines simultaneously on one desktop. Not only are these acting as separate machines, but they’re in there own (separate) space and have their own (separate) operating systems and applications installed. Note: It doesn’t come with anything other than the Virtual PC software so you’ll need to make sure you have your own legitimate copies of the operating systems that you intend to install. This would also hold true for any of the applications you install on the Virtual PC as well. I’d read the licensing carefully. I am a firm believer that an author’s license agreement should be honored.
Another thing [with this software] that caused my great excitement is that each Virtual PC is contained within one individual file on the host machine. Tell me that this isn’t sweet. Just think of all the potential things this could mean. You can easily backup the file and have ‘virtually’ a complete system backup. Each file is virtually its own machine, so you could set up the host bare bones and use one of the virtual machines as your main system. In the event of a host failure you could quickly get the Virtual Machine running of a different host. Provided you have the proper backup of course. This results in a quasi-disaster recovery plan. This also allows for a nice avenue to go in and test some tweaks and setting changes here and there and then simply replace a file to get you back to square one. There is an undo disk option that I haven’t played with that claims allow for reverting back to a previous state.
The added bonus is application testing with different operating systems. The testing of applications at various levels of patching and service packs on these systems before rollout is simplified 10,000 fold. Did I mention each Virtual Machine is in one file? Think of how quickly you can replace a tragically altered Virtual Machine. Gone are the days of separate machine(s) for pre-deployment testing. A robust production machine can quickly test a wide range of scenarios with far less space and equipment minimizing down time.
Each machine is customizable to the extent of memory and system resources. From my experience thus far it has access to most all of the host system’s hardware resources. You can even specify which NIC a Virtual Machine will use (if you have more than one or if at all).
If it is any indication of my level of excitement is that I dug into the treasure archive and set up a Virtual Machine with my old MS-DOS 6.22 disks. I haven’t touched a floppy in years, but figured it’d be a nice ‘to have around’ setup. I even found some DOS 6.0 and Windows 3.1 disks. Those will get setup as well. Why install them? Who knows, but they all will reside in their own files. The file sizes don’t seem to be bulky at all, in fact it seems to be the opposite it is not a 1:1 relationship. I did also go through the motions wiith Windows 98SE, Windows XP Home and Windows 2000 Pro Virtual Machine and they all initially seem to work well.
Next up at bat is Fedora with Open Office…… a nice slow transition……
What’s the count anyway?
There are so many documents and pieces of information that someone deals with on a given day. I actually did stop to think about it, and I was amazed at the amount of information that I pass through on daily basis. Fortunately, >95% of my interactions consist of electronic information.
For some strange statistical reason, I recently wanted to know the number of characters that were contained within a set of text files. These files were basic text documents, that could be viewed with any text-editor. I guess, that was the easy part. Getting the count, well, I couldn’t picture anything better than spending an afternoon with Siruis cranked and a print out of the document and ‘ticking off’ each character.
As mentioned before, I am a huge fan of working efficient (smart) rather than hard. In most cases it is not how you get there; rather getting there that is important. I have had experience working with text editors at different levels and figured that it wouldn’t be too difficult to come up with a basic text-editor to do all the work for me.
This journey’s result -- CharCount. CharCount is a fully functional (basic) text-editor that displays character and word count information. Simply enter or open text and CharCount will display the total number of characters (consonants, vowels and other) along with a sort-able list of words and the frequency of their appearance. CharCount will also display line numbers for reference. I have added this application to the freeware section of the site. Feel free to download it and give it a whirl. If there is anything that you think it needs please feel from to let me know.
This whole concept has also set me down the road thinking of revamping the ‘old’ ANoteWrite. That application hadn’t been touched in a while and I think it could use an overhaul. We’ll see where that leads, if anywhere......
Access Control: ACL and ACE???
There are numerous folders, files and resources within the operation system. Some you had created and others are created and maintained by the operating system or installed applications. Also, in most corporate environments there typically is a shared (network) location for the storage of corporate files and resources. In either case the sensitivity level of the contents of these files varies. Some files may contain benign information that if anyone accessed or modified wouldn't result in sleep loss or pose any harmful side effects. Other files may be considered safe if accessed by anyone, but catastrophic if anyone but a select few modify its contents. There are also those files that contain information that should only be accessible by certain groups or individuals. After all, we can’t forget those lovely users that will browse through every single file to see what piece of gossip they can get their hands on or what they can change. With a countless number of imaginable scenarios one would hope there was some way to control resource access. Fortunately there is, the Access Control List or ACL.
The Access Control List is a list of security protections that are applied to system resources (files and folders do fall into resources). Each ACL [there are two types: Discretionary (DACL) and System (SACL)] has a list of Access Control Entries (ACE) that define access for Trustees. When it comes to users and groups, the DACL has access entries that basically define whether or not a Trustee has allow (ACCESS_ALLOWED_ACE) or deny (ACCESS_DENIED_ACE) access to the resource. The process of defining all of these goes far deeper than I am going to go.
What about getting information from an established ACLs? Basically determining who has defined access to what. Is there better resource management besides actually reviewing and verifying ACLs for resources? The first thing that is necessary is to obtain the resource's DACL. GetNamedSecurityInfo and GetSecurityDescriptorDacl will get you there. Once the DACL is obtained the next step is to loop through and process each ACE (AceCount tells you how many there are). The ACE_HEADER of an entry determines which AceType (allow or deny) the entry is. Within in each ACE there is a Mask that specifies the level of access (Read, Write, Modify, Execute, etc...) for the entry. Effective and Explicit rights are defined. This is all pretty straight forward and simple once you grasp hold of the concept.
When it comes to systems I am definitely the inquisitive type. Often I find myself in a position where I need or want to audit a file or folder's effective ACL information. I never really found a quick way to do this. I usually resort to selecting a file or folder, then viewing the Security tab of the Properties and scrolling through each Trustee listed. A quick look at this process and I don't think that it can get any more tedious or time consuming. Fortunately, there was a cold and rainy day available for me to think about this and review ACL security and structure. The result: A tool that significantly eases the process. BPACLer is a utility that lists the entries a file or folder’s access control list. The OWNER information is also listed on the ACE display. Try it out and if there is anything that you think would be a nice addition or change to the utility please let me know.
This information in this posting is not intended to guide in or fully explain security at any level. It is merely intended as a superficial exposure to Windows Access Control. Dig deep enough and you'll find a number of in-depth how-to resource security and design materials.