Windows Defender Firewall Inbound Rule for ICMPv6
Hi!
I'm getting more into IPv6 these days and found that ICMP is very important for IPv6 connectivity.
Windows Defender Firewall with Advanced Security (on Windows 10 at least) comes with some inbound ICMPv6 allow rules, but unfortunately they don't allow for quite enough.
I went ahead to create a rule by hand, but found out that you cannot set a group for the rule through the GUI, so instead I opted for creating a little PowerShell command.
You have to run it from a UAC-elevated PowerShell instance.
This rule is based on the existing default ICMPv6 rules.
Create the rule:
New-NetFirewallRule -DisplayName "Core Networking - CUSTOM - Allow Incoming ICMPv6" -Group "Core Networking" -Direction Inbound -Action Allow -Protocol ICMPv6 -Program System
Remove the rule again:
Remove-NetFirewallRule -DisplayName "Core Networking - CUSTOM - Allow Incoming ICMPv6"
Some people may want to exclude echo request for privacy or "security (through obscurity)" reasons, but I don't think it's that big of a deal.
Of course feel free to customize the command in general. The official documentation page (docs.microsoft.com) is very informative.
If you have any other firewalls between you and the sender, you may have to check their rules as well.
I tested the rules with a website like ipv6-test.com.
Thanks for reading!
Using Git Bash With Custom Installation Of GPG / GnuPG
Hi!
You have probably noticed that Git for Windows comes with MinGW64, which enables you to use programs (or to be more precise: Windows versions of these programs) that are usually only available to Linux users. One of the programs that MinGW64 / Git for Windows ships with is GPG / GnuPG. The current version of Git for Windows (2.17.1) for example comes with GPG version 1.4.22.
If you prefer using a custom installation of GPG / GnuPG by default, which is probably much more current than the one you installed manually (2.x), you can achieve this by doing the following:
- Install GPG as you normally would
- Make sure it is executable in the command line / PowerShell (as in: make sure the bin/ subdirectory of the GPG program directory is included in the PATH environment variable)
- Go to the Git for Windows program directory (e.g. C:\Program Files\Git\)
- Navigate to the usr/bin/ subdirectory and rename gpg.exe to something else (like gpg_disabled.exe)
- Close any open Git Bash instances and start a fresh one
- Check the GPG version via
gpg --version
The way that Git Bash works is that is has its own set of directories which have a higher priority when looking for executable files than the ones in Windows' PATH environment variable. So in order to have your own GPG executable working as the "gpg" command, you have to get the included gpg.exe out of the way so it keeps looking in Windows' PATH environment variable.
You can still access the old GPG executable by using the new name (e.g. "gpg_disabled").
Unfortunately you have to do these steps every time you install or update Git for Windows, but at least now you know where to look!
The upside is that now Git (executed from the Git Bash) also uses your own version of GPG for its GPG-related operations.
I hope this was helpful.
Thanks for reading!
Using msysgit With PuTTY Pageant & Plink
Hi!
If you have installed msysgit and are planning on using it in combination with Pageant from the PuTTY tool suite, you might run into the problem that it does not attempt to use any of the keys you have already loaded into Pageant. You can fix this by telling msysgit which program to use for the git fetch and pull operations:
- Open your System window (Windows + Pause or "Start" => Right-click on "Computer" => "Properties")
- Click on "Advanced system settings" (on the left)
- Click on "Environment Variables..." (on the bottom)
- Add a new system variable (or user variable if you just want this setting for the current user): "New..."
- Variable name: GIT_SSH
Variable value: (path to plink.exe) for example: C:\Program Files (x86)\PuTTY\plink.exe (important: just the path, no quotation marks at the beginning or the end!) - If you haven't already on this system / user, connect to the server via PuTTY in order to get the SSH server fingerprint prompt and remember it
- Close any existing Git Bash / msysgit instances and start it up again
This should do it!
I hope this was helpful.
Thanks for reading!
Source: http://www.bitsandpix.com/entry/git-setup-msysgit-install-with-pageantplink-from-putty/
Deleting Huge Directories in Windows Via Command Prompt
Hi!
If you'd like to delete a huge folder / directory in Windows with maybe thousands or hundreds of thousands of files inside, doing that via Explorer might cost you a lot more time than via command prompt.
Here's how to do it faster:
- Open the command prompt by using "Start" => "cmd" and navigating to the desired path via "cd <path>" or "pushd <path>"
- OR -
navigate to the folder in the Explorer and use Shift + right-click and "Open command window here"
(Note: if deleting the desired folder requires elevated privileges, you will have to start a command prompt in elevated mode and navigate the old-fashioned way) - Use the following command:
rmdir /s /q folder
A little explanation about rmdir's flags:
- /s: removes the directory itself including all the contained files and subdirectories
- /q: forces deletion and does not ask for approval
Doing this can be very helpful in a coding environment where you can easily end up with thousands of small files.
Thanks for reading!
Source: https://stackoverflow.com/questions/186737/whats-the-fastest-way-to-delete-a-large-folder-in-windows
Viewing Hidden Devices in Windows Device Manager
Hi!
If you are trying to find a device that has been hidden in your Windows Device Manager, for example because you don't have it plugged in at the moment, you might find this little guide handy.
- Open the command prompt ("Start" => "cmd")
- Enter
set devmgr_show_nonpresent_devices=1
- Then start the Device Manager from the command prompt via
devmgmt.msc
- In the Device Manager, click "View" => "Show hidden devices"
I hope this helped 🙂
Thanks for reading!
Installing the Logitech F710 Wireless Gamepad on Windows 7 x64 (XInput Driver)
Update from 2015-10-18: Windows 10 Pro (x64) does not appear to require this workaround. It automatically installed the correct driver and allowed me to use the controller right away.
Hi!
In order to be able to benefit from using the XInput mode for the Logitech F710 Wireless Gamepad, of course you need to install the correct driver. This is made a little hard for Windows 7 x64 seeing as there is no driver that comes with the device itself.
I found a guide on how you can manage it by using Microsoft's official Xbox 360 Controller driver.
Be careful though, you're messing with driver files. Use this guide at your own risk.
- Go to the Microsoft Hardware downloads page: http://www.microsoft.com/hardware/en-us/downloads
- Click on the category "Gaming"
- Click on the link "Xbox 360 Wireless Controller for Windows"
- Download the correct version of the file (Windows 7 64-bit only) and install it
- Open the Device Manager (e.g. [Windows]+[Break] => Device Manager)
- Right-click on the entry with "Logitech F710" in its name and the yellow triangle icon in front of it
- Open its properties
- Switch to the "Details" tab
- Choose the property "Hardware Ids"
- Right-click on the one without the "&REV_<Number>" at the end of the name and copy it. It should look something like this: USB\VID_046D&PID_C21F
- Go to the directory in which you installed the Xbox 360 Accessories Software a minute ago: C:\Program Files\Microsoft Xbox 360 Accessories
- Open the file Xusb21.inf with a plain text editor like Notepad
- At the top in the commented section you can see the line containing "Wireless Common Controller USB\Vid_045E&Pid_0719". Search for "USB\Vid_045E&Pid_0719" and replace each occurence with the hardware ID you copied earlier. Afterwards, save it to the file. You might need to have your editor program in elevated privilege mode in order to do so.
- Go back to the Device Manager with the open F710 properties window
- Switch to the "Driver" tab
- Click on the "Update Driver..." button
- In the assistant, choose "Browse my computer for driver software"
- Choose the path "C:\Program Files\Microsoft Xbox 360 Accessories"
- Confirm the driver warning and you're good to go
To check if it really worked, you can just press the Logitech button on the game controller and it should cause a little frame with the Xbox logo, the text "Click for Help" and a down-pointing arrow button and an X button to pop up in the lower center of your screen.
I do not usually recommend modifying driver files like that, but I have used this method before and it worked for me, so I stopped looking for a better way, as there doesn't seem to be any official solution provided by Logitech themselves (which is a shame).
Original post and the ones who can be credited with this solution: post by breakfastmonkey on the official Logitech forums (referencing a couple of previous posts in the same thread).
Thanks for reading.
Making Traceroutes Work with a Firewall (Windows)
Hi!
Even though I've had software firewalls in action for years now, I haven't really come across too many instances where I'd need traceroutes. The few times I did, however, I noticed that I only got output like the following:
>tracert example.com Tracing route to example.com [123.123.123.123] over a maximum of 30 hops:  1    *       *       *    Request timed out.  2    *       *       *    Request timed out.  3    *       *       *    Request timed out.  4    *       *       *    Request timed out.  5    *       *       *    Request timed out.  6    *       *       *    Request timed out.  7    *       *       *    Request timed out.  8    *       *       *    Request timed out.  9    *       *       *    Request timed out.  10    *       *       *    Request timed out.  11   50 ms   50 ms   50 ms example.com [123.123.123.123] Trace complete.
The number of hops would of course vary for the specific host / IP address.
Today I had to use traceroute in order to analyze a couple of networking problems. That was the incentive I needed to look up why it didn't work.
The fact that not even my router was showing up was a big indicator that something was wrong with my local firewall settings.
After searching the web for a couple of minutes, I found out what I was looking for at this page: http://www.phildev.net/ipf/IPFques.html#ques34
Traceroute is using ICMP packets (plus UDP on Linux systems, but that's outside the scope of this blog entry. You can read more about it on the page I linked above). But even for an outgoing traceroute you need to accept incoming ICMP packets.
Which ones? These:
- ICMP TTL Expired (Type 11, Code 0)
- ICMP Port Unreachable (Type 3, Code 3)
Once you've enabled these types of packets for incoming traffic in your firewall(s), you'll see that your traceroute will now function as it should.
If your firewall does not allow you to configure accepting specific types of ICMP packets, try allowing incoming ICMP packets altogether (if that's not too much of a compromise for you).
Anyway, long-ish story short: It's working now 🙂
Thanks to the webmaster of the page I linked above! And thanks to you for reading.
Adobe Premiere Pro CS5 and the Long Loading Splash
Hi!
If you have used Adobe Premiere Pro CS5 (or several other CS5 products as I've read), you might have encountered long waiting times during the program launching. In the case of Premiere Pro CS5, the splash screen shows "Loading ExporterQuickTimeHost.prm" and sticks with it for a couple of minutes (yes, minutes). This is not even a one-time thing or a once-per-Windows-session, it happens each and every program launch.
When I researched this, I quickly found the answer in Adobe's forums: Premiere CS5 takes 5 minutes to start up
In fact, what's causing this is not just the Adobe program, but rather the combination of a firewall and the Adobe program. If you are as restrictive in terms of Internet access as I am, you might have forbidden Adobe Premiere Pro.exe outgoing IP connections altogether. However, it is trying to establish a TCP connection to localhost / 127.0.0.1.
The fix is to allow outgoing TCP (I chose IP, which of course includes TCP) to 127.0.0.1 for the following executables:
- <Premiere Directory>\Adobe Premiere Pro.exe
- <Premiere Directory>\32\Adobe QT32 Server.exe
- <Premiere Directory>\32\dynamiclinkmanager.exe
with <Premiere Directory> of course being the path to your Adobe Premiere directory.
Note: Of course you can still stop every other outgoing traffic. Regard the 127.0.0.1 rule as an exception.
If you are trying to apply this fix to other Adobe programs, you are on your own to find out which .exes require 127.0.0.1 TCP connections. With modern firewalls, however, this shouldn't be that big of a problem. Just look at the prompts your firewall pops up and/or determine the .exes via logging.
I hope that helps you enjoy your respective Adobe program(s) all the more. 🙂
Good luck and, as always, thanks for reading.
Update (2010-03-28):
I recently found out that with my kind of firewall "Adobe Premiere Pro.exe" would prompt me again for a rule for outgoing traffic to addresses different from the localhost zone. If that happens to you, make sure you don't accidentally replace or override the localhost rule you added above. Rather add an additional rule for all the remaining outgoing traffic and forbid it (or allow it, depending on what you want).