Control Panel Command Line

Running MS Settings, Control Panel, Windows Administrative Tools, and GodMode from the command line. This is useful if you run your computer as a standard user.

Standard User vs Administrative User

I run my computers as a standard user. And with the latest creators update if I right click on 'This PC' and select 'Manage' it no longer works properly. It doesn't give me administrative rights. And not all tools in the start menu have the right click option to run as Administrator. Plus I like command line tools anyway. Not that these are true command line tools as they simply launch a GUI window. This chart includes the control panel sub-windows. And it includes a few other tools. This MS post has the official documentation about running control panel from the command line.

You first need to launch the command line, or powershell, as an administrative user. Click on the 'Windows Logo' (aka the start button) in the taskbar and then type 'cmd'. Right click on that application and select 'Run as administrator'. You can also launch Powershell and right click on that and run it as administrator.

The Command Line Tools

As stated above you need to be running the command line or powershell as an administrative user. Most of these commands may be run without typing 'control'. Not all commands will work on every computer. It will depend on your environment. The second chart shows other useful tools.

This document does not cover computers in Active Directory.

Control Panel Tool            Command
Control Panel                 control panel
Accessibility Options         control access.cpl
Add New Hardware              control sysdm.cpl add new hardware
Add/Remove Programs           control appwiz.cpl
Date/Time Properties          control timedate.cpl
Display Properties            control desk.cpl
FindFast                      control findfast.cpl
Fonts Folder                  control fonts
Internet Properties           control inetcpl.cpl
Joystick Properties           control joy.cpl
Keyboard Properties           control main.cpl keyboard
Microsoft Exchange            control mlcfg32.cpl
Microsoft Mail Post Office    control wgpoclp.cpl
Modem Properties              control modem.cpl
Mouse Properties              control main.cpl
Multimedia Properties         control mmsys.cpl
Network Properties            control ncpa.cpl
                              (OLD control netcpl.cpl)
Password Properties           control password.cpl
PC Card                       control main.cpl pc card (PCMCIA)
Power Management              control powercfg.cpl
                              (OLD control main.cpl power)
Printers Folder               control printers
Regional Settings             control intl.cpl
Scanners and Cameras          control sticpl.cpl
Sound Properties              control mmsys.cpl sounds
System Properties             control sysdm.cpl

Other Useful Tools

This is how to launch the new MS Settings application and most of the Windows Administrative Tools from the command line.

Other Useful Tools            Command
Windows 10 Settings           start ms-settings:
                              (Powershell: Start-Process "ms-settings:")
Computer Management           compmgmt.msc
Disk Management               diskmgmt.msc
Event Viewer                  eventvwr.msc
Device Manager                devmgmt.msc
Services & Applications       services.msc
Local Group Policy Editor     gpedit.msc
MMC (Management Console)      mmc
Component Services            dcomcnfg
Disk Cleanup                  C:\windows\SYSTEM32\cleanmgr.exe /d{DRIVELETTER}
System Configuration          msconfig
System Information            msinfo32
Task Scheduler                taskschd.msc
Windows Firewall              wf.msc

GodMode

You can launch the GodMode folder as a standard user by running the following command.

explorer.exe shell:::{ED7BA470-8E54-465E-825C-99712043E01C}

Create a little BAT file and you can run that anytime you desire.

If you are running as an Administrative user create a new folder and give it the following name.

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

Configure W32Time (NTP) on a Standalone Windows Box

How to setup the NTP client on standalone Windows boxes. And an explanation of the various registry settings. Use powershell and the command line tools to setup NTP.

NTP is Fun

Synchronized time is important and very easy to setup. This article is for setting up the NTP clients on a Windows 10 box. This is NOT for a box that is part of an active directory domain. This is only for standalone boxes. Or in other words it is for your home computer not your business computers. NTP uses 123/UDP.

Links to the Official Docs

This article only touches the surface of NTP. It is a pretty basic service and easy to setup. But it can get rather complicated if you deep dive into the subject. Note that the basic NTP client does not support NTP authentication (NTP keys). You need to use active directory to enable authentication.

Registry Settings

I spent some time looking up the various registry settings related to NTP. A typical home user will not need to change most of these settings. This is just a reference. These settings are used when you configure an Active Directory Domain Controller to serve as an NTP server. Most of these settings are hexadecimal (base 16 // 0-9 A-F). You can combine options by adding together the values. If you don't understand binary or converting between decimal and hex, don't play with any of these settings.

Main Registry Directory

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time

Refer to the Windows Time Service Tools and Settings link above for more information about the various registry settings.

W32Time\Parameters\NtpServer

This is a space delimited listing of each NTP server the client will query. Each NTP server can be listed as a hostname or an IP address. Each NTP server needs to be followed by a comma and the appropriate hexadecimal flag.

  • 0x1 - Use the special poll interval set in the registry instead of the default value. The default is 7 days (604,800 // 0x00093a80)
  • 0x2 - Use this source only as a fallback if all other time sources have failed.
  • 0x4 - Send request as SymmetricActive Mode. This is for Windows servers.
  • 0x8 - Send NTP queries in client mode

Most home users will use '0x8'. If you want to query the NTP servers more frequently then use '0x9' which is '0x8 + 0x1'.

\TimeProviders\NtpClient\SpecialPollInterval

This determines in seconds how often the computer will poll or query the NTP servers. This is an optional change. If you are uncomfortable changing registry settings do not use this option. You must set the '0x1' flag in the NtpServer settings to use this feature.

The default value is every 7 days. But W32Time will poll on a floating interval, based on the quality of the time samples being returned by the time source. In this example I will be using the public NTP pool servers. And since microsecond accuracy isn't that important for a home user I will be querying the servers every 12 hours. (sec = 43,200 // hex = 0x000a8c0)

IMPORTANT: In build 1702 SpecialPollInterval is contained by the \Config\MinPollInterval and \Config\MaxPollInterval registry values. I am still on build 1607. I need to verify these settings once my computer is finally updated.
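The NtpServer flags and their link to SpecialPollInterval can be checked mechanically. The following Python sketch is an added example, not part of the original article: it parses an NtpServer value, decodes each flag using the meanings listed above, and reports peers for which a configured SpecialPollInterval would be ignored. The function names and the finding texts are hypothetical.

```python
from dataclasses import dataclass

# Flag bits and meanings as listed in the article's NtpServer section.
FLAG_MEANINGS = {
    0x1: "special poll interval",
    0x2: "fallback only",
    0x4: "symmetric active mode",
    0x8: "client mode",
}
KNOWN_BITS = 0xF


@dataclass
class Peer:
    host: str
    flags: int

    @property
    def meanings(self):
        return [text for bit, text in FLAG_MEANINGS.items() if self.flags & bit]

    @property
    def uses_special_interval(self):
        return bool(self.flags & 0x1)


def parse_ntp_server(value):
    """Split a space-delimited NtpServer value into Peer objects."""
    peers = []
    for entry in value.split():
        host, comma, flag_text = entry.partition(",")
        if not host or not comma or not flag_text:
            raise ValueError(f"{entry!r} is not in 'host,0xFLAGS' form")
        flags = int(flag_text, 16)  # accepts '0x9' as well as '9'
        if flags & ~KNOWN_BITS:
            raise ValueError(f"{entry!r} sets bits outside 0x1-0x8")
        peers.append(Peer(host, flags))
    return peers


def review(value, special_poll_interval=None):
    """Return findings for an NtpServer value (hypothetical helper)."""
    peers = parse_ntp_server(value)
    findings = []
    for peer in peers:
        if special_poll_interval is not None and not peer.uses_special_interval:
            findings.append(
                f"{peer.host}: SpecialPollInterval={special_poll_interval}s "
                "is ignored without 0x1"
            )
    if peers and all(peer.flags & 0x2 for peer in peers):
        findings.append("every peer is marked fallback only (0x2)")
    return findings


if __name__ == "__main__":
    # The peer list used later in the article, with 12 hours configured.
    value = "0.pool.ntp.org,0x9 1.pool.ntp.org,0x9 2.pool.ntp.org,0x8"
    for peer in parse_ntp_server(value):
        print(peer.host, hex(peer.flags), peer.meanings)
    for finding in review(value, special_poll_interval=43200):
        print("finding:", finding)
```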

\Parameters\Type

This entry indicates from which peers to accept synchronization.

  • NoSync - The time service does not synchronize with other sources.
  • NTP - The time service synchronizes from the servers specified in the NtpServer registry key. (Our required value and the default value for standalone boxes.)
  • NT5DS - The time service synchronizes from the domain hierarchy.
  • AllSync - The time service uses all the available synchronization mechanisms.

W32Time\Config\AnnounceFlags

This entry controls whether this computer is marked as a reliable time server. A computer is not marked as reliable unless it is also marked as a time server. The default value for domain members and standalone clients is 10. (hex = a)

  • 0x0 - Not a time server
  • 0x1 - Always a time server
  • 0x2 - Automatic time server
  • 0x4 - Always reliable time server
  • 0x8 - Automatic reliable time server.

As stated above the default value is 10 (0x8 + 0x2). This means our client is an automatic reliable time server and an automatic time server.

W32Time\Start

This is one of three registry settings that describe how the W32Time process will start. The other two are 'W32Time\Type' and 'W32Time\DelayedAutostart'. All three settings are DWORD data types. The start setting specifies how the service is loaded or started. If the service is a Win32 service, the value of this entry must be 2, 3, or 4. This entry is not used for network adapters. The W32Time service has a start value of 2 (automatic).

Value  Meaning
0      Boot (loaded by the kernel loader). Components of the driver stack for the boot (startup) volume must be loaded by the kernel loader.
1      System (loaded by I/O subsystem). Specifies that the driver is loaded at kernel initialization.
2      Automatic (loaded by the Service Control Manager). Specifies that the service is loaded or started automatically.
3      Manual. Specifies that the service does not start until the user starts it manually, such as by using Device Manager.
4      Disabled. Specifies that the service should not be started.

W32Time\Type

Identifies the type of service represented by the subkey. The W32Time service has a type value of 32.

Value  Meaning
1      A kernel-mode device driver.
2      A file system driver.
4      A set of arguments for an adapter.
8      A file system driver service, such as a file system recognizer.
16     A Win32 program that runs in a process by itself. This type of Win32 service can be started by the service controller.
32     A Win32 program that shares a process. This type of Win32 service can be started by the service controller.
272    A Win32 program that runs in a process by itself (like Type 16) and that can interact with users.
288    A Win32 program that shares a process and that can interact with users.

W32Time\DelayedAutostart

This subkey is added when an automatic process is set to start at boot but with a delayed start. The Set-Service cmdlet cannot set a process to a delayed start. The 'sc config' command line tool does allow this option. Use the commands below to create this subkey if necessary.

  • $RegRoot ="HKLM:\SYSTEM\CurrentControlSet\Services\W32Time"
  • Set-ItemProperty -Path $RegRoot -Name "DelayedAutostart" -Value 1 -Type DWORD

Use the command below to verify all of the settings.

Get-ItemProperty -Path $RegRoot

To just see one of the subkeys and get rid of the various PS values use the 'Format-List' cmdlet. This can be shortened to 'FL'. I am not adding the '-Name' flag to the 'Get-ItemProperty' cmdlet as it is not necessary.

Get-ItemProperty -Path $RegRoot |FL -Property DelayedAutostart,Start,Type

Setup via Powershell

It is very simple to setup NTP using the old command line tools. But Microsoft is moving away from those tools. Powershell is the future. Here are the commands to setup everything using Powershell. This assumes you are running Powershell as an administrative user by right clicking and running as an administrator. Everyone should be running Windows as a standard user and not an administrative user. Keep in mind that powershell is not case sensitive.

Start and Stop a Service

Use 'Start-Service w32time' and 'Stop-Service w32time' to start and stop the service, and 'Get-Service w32time' to verify the status of the service.

  • To Start = Start-Service w32time (net start w32time)
  • To Stop = Stop-Service w32time (net stop w32time)
  • Status = Get-Service w32time

View the Startup Mode

A way to verify the startup mode for a particular service.

PS > Get-WmiObject -Class Win32_Service -Filter "Name = 'W32Time'"

ExitCode  : 0
Name      : W32Time
ProcessId : 1076
StartMode : Auto
State     : Running
Status    : OK

Setup the NTP Server List

This example uses '0x9'. Change this to '0x8' if you don't want to change the SpecialPollInterval registry value. The command is broken up over several lines using the backtick ( ` ) to make it easier to understand. This doesn't paste well into powershell. You need to remove the backticks and reduce this to a single line before pasting into powershell.

  • $RegRoot ="HKLM:\SYSTEM\CurrentControlSet\Services\W32Time"
  • $MyNTP ="0.pool.ntp.org,0x9 1.pool.ntp.org,0x9 2.pool.ntp.org,0x9 3.pool.ntp.org,0x9"

Set-ItemProperty -Path "$RegRoot\Parameters" `
-Name NtpServer -Value "$MyNTP"

Set the Service for Delayed Autostart

As stated above the 'Set-Service' cmdlet cannot set a service to delayed autostart. I am not sure if the 'DelayedAutostart' registry setting is set to '1' by default for the W32Time service. But it is easy to check first.

Get-ItemProperty -Path $RegRoot |FL -Property DelayedAutostart,Start,Type

The output should look like the following.

DelayedAutostart : 1
Start            : 2
Type             : 32

To set the start type to automatic (2) run the following command.

Set-Service -Name w32time -StartupType Automatic

Run the following command to create the 'DelayedAutostart' registry key.

  • $RegRoot ="HKLM:\SYSTEM\CurrentControlSet\Services\W32Time"
  • Set-ItemProperty -Path $RegRoot -Name DelayedAutostart -Value 1 -Type DWORD

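You can also use the 'sc config' command line tool within powershell. Type it as 'sc.exe', because in Windows PowerShell plain 'sc' is an alias for the Set-Content cmdlet.

sc.exe config w32time start= delayed-auto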

Adjust the SpecialPollInterval

This step is truly unnecessary for home users. Home users should use the '0x8' flag on the NTP server list. But it is easy enough to change. The setting is in seconds. One hour (3600) is 60 seconds times 60 minutes. Multiply 3600 by X number of hours to get your desired hour value. Multiply 3600 by 24 and then by X number of days to get the number of seconds for that desired day value.

  • 7 Days = 604800 (Default Value)
  • 12 Hours = 43200
  • 4 Hours = 14400
  • 1 Hour = 3600
  • 15 Minutes = 900

Run the following commands to set the value to 12 hours (43200 seconds).

  • $RegRoot ="HKLM:\SYSTEM\CurrentControlSet\Services\W32Time"
  • Set-ItemProperty -Path "$RegRoot\TimeProviders\NtpClient" -Name SpecialPollInterval -Value 43200

Resync W32Time

Now that everything has been setup it is time to resync W32Time. This command is a standard command line tool. But it can be run within the powershell environment. Like the other commands run above you need to be an administrative user to run this command. I am adding the '/rediscover' flag to force W32Time to re-read the configuration information.

w32tm /resync /rediscover

The Easy Setup

If you are just a normal user it is a lot easier to use the old command line tools. Microsoft is trying to deprecate these tools. But it won't happen anytime soon. You must run the command window as an administrative user.

  • net start w32time

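The following command is one line broken up by carets (^) to make it more legible. The quoted peer list stays on a single line because cmd does not treat a caret inside double quotes as a line continuation.

  • w32tm /config /update ^
    /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.org,0x8" ^
    /syncfromflags:MANUAL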
  • sc config w32time start= delayed-auto
  • w32tm /resync

Remove Carriage Returns (^M)

Brief tutorial on how to remove carriage returns in UNIX. Use CTRL-V+CTRL-M in SED or VI. Use octal \026 \015. Use tr or perl.

DOS to UNIX

Whenever you transfer files from DOS (Windows) to UNIX boxes it is possible that carriage returns may be added to your text files.  This will sometimes prevent the file from working properly in UNIX.  I have actually had some files work with carriage returns (CR hex 0D).  I know the simple VI command to remove the carriage returns (^M) at the end of each line. And there are several other ways to remove carriage returns.

I ran into a problem on my home router running DD-WRT. It would not allow me to type CTRL-V+CTRL-M to create the carriage return (^M) in vi or anywhere else. I suspect it is a busybox shell issue. So I had to find another way. This document shows the standard methods as well as a new method I used on my router. I am not including 'dos2unix' and 'unix2dos' as these may not be installed. I prefer to remember standard methods that should work on all boxes without installing additional software.

Who Uses What

A brief rundown on which OS uses which symbol for a line terminator.

  • LF = linefeed (move cursor down) - CTRL-J / ^J / hex 0A / Sometimes written as NL (newline)
  • CR = carriage return (return cursor to left margin) - CTRL-M / ^M / hex 0D
  • UNIX = LF only
  • DOS = CRLF (each line ends with CR then LF)
  • MAC = CR only

Typing ^M

To create the return character in vi or the command line you normally type "CTRL-V+CTRL-M". That is you press and hold the control key and then press 'v' and then 'm' (without the single quotes) and then release the control key. Another way is to use '\r'. (backslash r) And one more way is to use octal. Type '\026' for 'CTRL-V' and '\015' for 'CTRL-M'.

The Commands

Below are the various methods to edit the file. There are more methods than listed here. One of these is likely to work.

vi

The percent sign (%) will perform the search and replace on all lines. And the 'g' at the end does the search and replace globally and not on just the first instance in the line.

:%s/^M//g

Other ways to accomplish the same task.

:%s/\r//g
:%s/\r\(\n\)/\1/g

This wiki article has some other useful tidbits about VI (VIM) and file formats.

Display the fileformat option (ff) for the current buffer, and the fileformats global option (ffs) which determines how VIM reads and writes files.

:set ff? ffs?
:verbose set ff? ffs? (Helps to see in your vimrc)

Convert from dos/unix to unix

:update             Save any changes
:e ++ff=dos         Edit file again using dos FF (fileformats ignored)
:setlocal ff=unix   This buffer will use LF only
:w                  Write buffer using unix (LF-only) line endings

Convert from dos/unix to dos

:update             Save any changes
:e ++ff=dos         Edit file again using dos FF (fileformats ignored)
:w                  Write buffer using dos (CRLF) line endings

tr (translate)

The '-d' flag deletes the tokens. Input the original file and output the new file. The '\r' (backslash r) is another way to type the carriage return.

tr -d '\r' < file > newfile

sed

Search and replace using sed is quite common. You can type ^M various ways. I am showing three methods. The '-e' is for scripting on the command line and running those commands directly. The greater than sign (>) redirects the output to a new file. Otherwise the results are just displayed to stdout (standard out). You can add a 'g' to the end for global replacement just like in vi. The '-r' enables extended regular expressions, which the '|' alternation in the third command needs.

sed -e 's/\r//' file > newfile

sed -e 's/^M//' file > newfile

sed -r $'s/\026|\015//g' file > newfile

perl

You can also use a one line perl command. The '-e' is used to enter one line of script to be run by perl. Multiple '-e' commands may be given. The '-p' causes perl to assume a certain type of loop command. Useful for one liner commands. The '-i(extension)' will edit the file in place. The extension is added to the filename. The original file is saved as 'filename.extension'. The edited file is saved as the original filename.

perl -pi.bak -e 's/\r//g' filename
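The commands above all delete every CR, which is right for DOS files but joins all lines of a CR-only (old Mac) file into one. The following Python sketch is an added example, not part of the original article: it classifies a file using the terminators from the "Who Uses What" list, shows the difference between deleting every CR and converting terminators, and rewrites a file in place with a '.bak' copy like the perl one-liner. All function names are hypothetical.

```python
def count_endings(data):
    """Count each terminator type in a bytes object."""
    crlf = data.count(b"\r\n")
    return {
        "CRLF": crlf,
        "CR": data.count(b"\r") - crlf,   # CR not followed by LF
        "LF": data.count(b"\n") - crlf,   # LF not preceded by CR
    }


def classify(data):
    """Return 'DOS', 'MAC', 'UNIX', 'mixed' or 'none'."""
    present = [kind for kind, n in count_endings(data).items() if n]
    if not present:
        return "none"
    if len(present) > 1:
        return "mixed"
    return {"CRLF": "DOS", "CR": "MAC", "LF": "UNIX"}[present[0]]


def delete_all_cr(data):
    """What tr -d '\\r' and the 's/\\r//g' substitutions do."""
    return data.replace(b"\r", b"")


def to_unix(data):
    """Turn CRLF and lone CR into LF so no line break is lost."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")


def convert_file(path, backup_suffix=".bak"):
    """Convert a file to LF endings in place, keeping a backup copy.

    Returns the classification found before conversion. Files that are
    already UNIX (or have no terminators) are left untouched.
    """
    with open(path, "rb") as handle:
        original = handle.read()
    kind = classify(original)
    if kind in ("UNIX", "none"):
        return kind
    with open(path + backup_suffix, "wb") as handle:
        handle.write(original)
    with open(path, "wb") as handle:
        handle.write(to_unix(original))
    return kind


if __name__ == "__main__":
    # Constructed sample inputs.
    dos = b"one\r\ntwo\r\n"
    mac = b"one\rtwo\r"
    print(classify(dos), delete_all_cr(dos))   # DOS: both lines survive
    print(classify(mac), delete_all_cr(mac))   # MAC: lines are joined
    print(to_unix(mac))
```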

Raspbian wlan0 Static IP

Requirements

Raspbian is a Debian derivative.  Other flavors of Linux use different files.  But the setup is basically the same.  These steps are geared for home use.  If you are a business with LEAP, RADIUS, or certificate based authentication you will need to read the documentation.  And of course work with your technical support staff to find your settings.

I am using DD-WRT on my home router.  The latest and greatest home security uses WPA2.  This is WiFi Protected Access v2 and uses PSK (Pre-Shared Keys).  It is known by several names, such as WPA2-Personal, WPA-PSK, or WPA2-PSK.  You want to use WPA2.  There are two encryption algorithms.  You can use TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption Standard).  You should use AES as it is more secure.  Please note that in Linux AES is known as CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) which is part of the AES standard.

Please note that in Raspbian 8 (Jessie) you are actually supposed to set the static IP address in /etc/dhcpcd.conf.  But I don't want to be running DHCP anyway.  So I will be disabling DHCP and using the old fashioned method to set my static IP address.  Run these with sudo or switch to root.

  • systemctl stop dhcpcd
  • systemctl disable dhcpcd
  • shutdown -r now

Hash Your PSK

You need to hash your PSK (Pre-Shared Key) for your SSID.  Otherwise the key is in clear-text in the configuration file.  Use the 'wpa_passphrase' program to hash it.  In the example below the SSID is 'homenet' and the PSK is 'supersecretkey'.  This will create the basic lines for the 'network' section of '/etc/wpa_supplicant/wpa_supplicant.conf'.  You can actually use the real PSK in this file.  Make sure you delete the commented out PSK line.

# sudo wpa_passphrase
usage: wpa_passphrase <ssid> [passphrase]

If passphrase is left out, it will be read from stdin

# sudo wpa_passphrase homenet supersecretkey
network={
  ssid="homenet"
  #psk="supersecretkey"
  psk=4322bc0066242ca2ce0ee61c831ac9e8949069c16a7dcf06fc2cbf069d09cf20
}
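The value that 'wpa_passphrase' prints is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations and a 32 byte output. The following Python sketch is an added example, not part of the original article, that reproduces the derivation with the standard library; the function names are hypothetical and the check in the test uses the published IEEE 802.11i test vector (SSID 'IEEE', passphrase 'password').

```python
import hashlib
import hmac

ITERATIONS = 4096   # fixed by the WPA/WPA2 passphrase-to-PSK mapping
KEY_BYTES = 32      # 256-bit pre-shared key


def wpa_psk(ssid, passphrase):
    """Return the 64-hex-digit PSK for an SSID and passphrase."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid_bytes, ITERATIONS, KEY_BYTES
    )
    return key.hex()


def psk_matches(ssid, passphrase, psk_hex):
    """Check a psk= value from wpa_supplicant.conf against a passphrase."""
    return hmac.compare_digest(wpa_psk(ssid, passphrase), psk_hex.strip().lower())


if __name__ == "__main__":
    # The SSID is the salt, so the same passphrase gives a different
    # key on a different network name.
    print(wpa_psk("IEEE", "password"))
    print(wpa_psk("IEEE-guest", "password"))
```

The derived key is what wpa_supplicant authenticates with, so the configuration file deserves the same protection as the passphrase itself, for example owner-only read permissions.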

Edit wpa_supplicant.conf

To find detailed information on all of the options look at the example documentation.

  • /usr/share/doc/wpasupplicant/examples/wpa_supplicant.conf.gz

This example is doing a simple setup for one SSID.  I am broadcasting my SSID on my router.  I have a couple of devices that don't work without the broadcast SSID.  Plus hiding the SSID doesn't really add that much security.  The information below is from the example documentation.

There are two sections in a basic configuration file.  There is a global configuration section and a network block configuration section.

Global Configuration:

There are three settings in a basic configuration.

  • country - The two letter country code where the device is operating.
  • ctrl_interface=DIR - The location of the wlan0 socket and group owner.  This may vary on different versions of Linux.
  • update_config - Whether to allow wpa_supplicant to update and overwrite the configuration.  I prefer to manually setup the networking.  As a result I turn this feature off.
    • 0 - Turn this feature off.
    • 1 - Turn this feature on.

Network Block:

Here is a brief explanation of each setting in the network block.

  • ssid - A mandatory field with the SSID for the network.  There are three ways to fill this out.  But the most common method will be used here.  Enter the SSID in ASCII text surrounded by double quotes.
  • scan_ssid - A probe request is a special frame sent by a client station requesting information from either a specific access point, specified by SSID, or all access points in the area, specified with the broadcast SSID.  You can either enable or disable this feature.  I have better luck enabling this feature (1).  Probably because I currently have 2 SSIDs.
    • 0 = Do not scan this SSID with specific Probe Request frames (default).
    • 1 = Scan with SSID-specific Probe Request frames.  This can be used to find APs that hide (do not broadcast) SSID or use multiple SSIDs.  This will add latency to the scanning.
  • proto - List of accepted protocols.  The default is 'WPA RSN'.  In this example we have WPA2 on our DD-WRT router.  And RSN is another name for WPA2.  So we will use RSN.  Although we can use the alias of WPA2.
    • WPA = WPA/IEEE 802.11i/D3.0
    • RSN = WPA2/IEEE 802.11i  (WPA2 can be used as an alias for RSN)
  • key_mgmt - List of accepted authenticated key management protocols.  For home use we need to set this to 'WPA-PSK'.  And we must have the 'psk' field as well.  Refer to the official documentation for a list of all of the options.
  • pairwise - List of accepted pairwise (unicast) ciphers for WPA.  The default is 'CCMP TKIP'.  This is the private key from the client to the AP.  In our home network we only have two choices and we will use the more secure option of 'AES' which is also known as 'CCMP'.
    • CCMP = AES in Counter mode with CBC-MAC
    • TKIP = Temporal Key Integrity Protocol
    • NONE = Use only Group Keys (deprecated)
  • group - List of accepted group (broadcast/multicast) ciphers for WPA.  This defaults to use all options which is not secure.  These are the broadcasts from the AP to all clients.  In our home network we will use the most secure option, which is CCMP.
    • CCMP = AES in Counter mode with CBC-MAC
    • TKIP = Temporal Key Integrity Protocol
    • WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key.
    • WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key.
    • Defaults to 'CCMP TKIP WEP104 WEP40'
  • auth_alg - List of allowed IEEE 802.11 authentication algorithms.
    • OPEN = Open System Authentication (required for WPA/WPA2)
    • SHARED = Shared key authentication (requires static WEP keys)
    • LEAP = LEAP/Network EAP (only used with LEAP)
  • psk - WPA pre-shared key (256 bit pre-shared key)  We previously used 'wpa_passphrase' to generate our key from our ASCII PSK.

Sample /etc/wpa_supplicant/wpa_supplicant.conf

country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=0
network={
   ssid="homenet"
   scan_ssid=1
   proto=RSN
   key_mgmt=WPA-PSK
   pairwise=CCMP
   group=CCMP
   auth_alg=OPEN
   psk=4322bc0066242ca2ce0ee61c831ac9e8949069c16a7dcf06fc2cbf069d09cf20
}
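The difference between the raw 'wpa_passphrase' output and the sample above can be checked automatically. The following Python sketch is an added example, not part of the original article: it reads the network blocks of a wpa_supplicant.conf and reports a leftover clear-text psk line and any option that still allows WPA version 1, TKIP or WEP, using the defaults quoted in the option list above for settings that are left out. The function names, finding texts and the 64-digit key are constructed for illustration.

```python
import re

WEAK_CIPHERS = {"TKIP", "WEP104", "WEP40", "NONE"}
# Defaults as quoted in the article for options that are left out.
DEFAULTS = {
    "proto": "WPA RSN",
    "pairwise": "CCMP TKIP",
    "group": "CCMP TKIP WEP104 WEP40",
}


def parse_networks(text):
    """Return one dict per network={...} block, including its comment lines."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("network={"):
            current = {"_comments": []}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and line.startswith("#"):
            current["_comments"].append(line)
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return networks


def lint_network(net):
    """Return a list of findings for one parsed network block."""
    findings = []
    if any(re.match(r"#\s*psk\s*=", c) for c in net["_comments"]):
        findings.append("cleartext passphrase left in a commented-out psk line")
    psk = net.get("psk")
    if psk is not None:
        if psk.startswith('"'):
            findings.append("psk is a quoted cleartext passphrase")
        elif not re.fullmatch(r"[0-9a-fA-F]{64}", psk):
            findings.append("psk is not a 64-digit hex key")
    if "WPA" in net.get("proto", DEFAULTS["proto"]).split():
        findings.append("proto allows WPA (version 1)")
    for option in ("pairwise", "group"):
        weak = WEAK_CIPHERS & set(net.get(option, DEFAULTS[option]).split())
        if weak:
            findings.append(f"{option} allows {' '.join(sorted(weak))}")
    return findings


def lint_config(text):
    """Map each SSID in the file to its findings."""
    return {net.get("ssid", "?").strip('"'): lint_network(net)
            for net in parse_networks(text)}


SAMPLE_KEY = "1f" * 32  # constructed placeholder, not a real key

# Constructed input: the unedited output shape of wpa_passphrase.
RAW_OUTPUT = """network={
  ssid="homenet"
  #psk="supersecretkey"
  psk=KEY
}
""".replace("KEY", SAMPLE_KEY)

# Constructed input: the article's sample layout with the placeholder key.
HARDENED = """country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=0
network={
   ssid="homenet"
   scan_ssid=1
   proto=RSN
   key_mgmt=WPA-PSK
   pairwise=CCMP
   group=CCMP
   auth_alg=OPEN
   psk=KEY
}
""".replace("KEY", SAMPLE_KEY)

if __name__ == "__main__":
    print(lint_config(RAW_OUTPUT))
    print(lint_config(HARDENED))
```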

Setup the Static IP Address

Different versions of Linux use different files.  In RHEL you setup the IP Address by editing '/etc/sysconfig/network-scripts/ifcfg-ethX'.  In Debian based distributions you need to edit '/etc/network/interfaces'.  The options are very similar in both distributions.  This example is for Raspbian.  This example is for a simple setup.  More advanced options allow for multiple sites by adding mapping stanzas.  Or by enabling VLANs, bridging, or 802.1Q VLAN tagging.  Read the official documentation for information about these advanced options.

We will be looking at three stanzas.  This information is from the man page.

  1. "auto" - Used to identify the physical interfaces to be brought up when ifup is run with the '-a' option.  Physical interfaces names should follow the word auto on the same line.  (e.g. auto lo && auto wlan0)
  2. "allow-" - Used to identify interfaces that should be brought up automatically by various subsystems.  For example running 'ifup --allow=hotplug eth0 eth1' will only bring up eth0 and eth1 if it is listed in an 'allow-hotplug' line.  This is hardware dependent.
  3. "iface" - This starts the stanza that defines the logical interface.  This line is broken into 4 parts.  And then depending on the method (fourth part) additional options are used to configure the logical interface.

The iface Stanza

The 'iface' line is broken into four parts.

  • iface <name_logical_interface> <address_family> <method>
    • <name_logical_interface> - In our simple setup this will be 'wlan0'.  This is the logical name for the interface.  You need to use the mapping stanza to have more complicated setups.
  • <address_family> - In our case this will be 'inet' for TCP/IP networking.
    • inet = TCP/IP networking - The most common option
    • ipx = IPX networking
    • inet6 = IPv6 networking
  • <method> - In our example we are setting a static IP address so we will use 'static'.
    • loopback = Loopback method.  Used for the loopback adapter
    • static = Interfaces with static IPv4 addresses
    • manual = Interfaces for which no configuration is done by default.  Such interfaces can be configured manually by means of up and down commands or by '/etc/network/if-*.d' scripts.
    • dhcp = Used to obtain an address by DHCP.
    • There are other uncommon methods.  They are 'bootp', 'tunnel', 'ppp', 'wvdial', and 'ipv4ll'.

The iface Options

There are additional options listed in the official documentation.  You should indent each option.

  • address = The dotted quad IP address
  • netmask = The netmask for your IP address - dotted quad or CIDR
  • network = The network block address (Not truly required but I like it.)
  • broadcast = The dotted quad broadcast IP address
  • gateway = The dotted quad IP address for the default gateway
  • wpa-conf = The path to your wpa_supplicant.conf file.
  • mtu = (OPTIONAL) The MTU size

I come from an enterprise server environment.  I am used to hard coding everything.  And I am used to having very explicit firewall rules.  For whatever reason Raspbian, and it appears other Linux distributions as well, now allow multiple programs to configure /etc/resolv.conf.  And you can have multiple versions of this file automatically configured as required.  As a result you need to add the DNS information into your iface stanza.  I think you can get rid of this and just manually setup /etc/resolv.conf if you disable and remove resolvconf.  If not you need to add the 'dns-nameservers' line at a minimum.  You can add 'dns-search' and 'dns-domain' as well.

  • dns-nameservers = Space delimited line of 1, 2 or 3 nameservers.

Sample /etc/network/interfaces

Here is the static IP address configuration for wlan0.

# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

# Loopback Interface
auto lo
iface lo inet loopback

# eth0 - No IP set
iface eth0 inet manual

# wlan0 static IP address
allow-hotplug wlan0
iface wlan0 inet static
    address 10.0.0.100
    netmask 255.255.255.0
    network 10.0.0.0
    broadcast 10.0.0.255
    gateway 10.0.0.1
    hwaddress b8:27:eb:87:6c:08
    dns-domain example.com
    dns-nameservers 8.8.8.8 4.2.2.1
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

# wlan1 - No IP set
allow-hotplug wlan1
iface wlan1 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Xauth, X11, & Magic Cookies

X11 Forwarding

Fortunately X11 applications are rather rare these days.  Most applications use HTML for the GUI.  However, at times X11 may be required.  And if you need to SUDO to another ID it is possible to lose your magic cookie.  Personally, I would install VNC and forward that over SSH.  But if you must use X11 here is a quick way to set it up and use xauth to get the DISPLAY variable set properly.

Enable X11 Forwarding on the Server

I prefer to forward my X11 DISPLAY to localhost.  These directions assume X11 will use localhost.  Adjust these directions as appropriate if you cannot use localhost.  First on the server update '/etc/ssh/sshd_config' and set the three variables shown below.  Make sure you restart SSHD or reboot the server afterwards.

  • X11Forwarding yes
  • X11DisplayOffset 10
  • X11UseLocalHost yes

Setup the X11 Server on the Client

On a Windows box install an X11 server such as Cygwin, Xming, X-Win32, Exceed or some other X11 server for Windows.  In your SSH client make sure you enable X11 forwarding for this connection.  This can be done easily in PuTTY, SecureCRT, or the Cygwin command prompt (ssh -XY user@x.x.x.x).  These directions assume you already know how to configure your client to forward X11 packets.  I have used all of these methods and servers in the past connecting to AIX and RHEL servers.  In this example I will use Cygwin since it is free, although it is my least favorite.  I have a love hate relationship with Cygwin.  I am connecting to a Raspberry PI running Raspbian Jessie.

The Key File - ~/.Xauthority

When you SSH to a box with X11 forwarding enabled the 'xauth' command will setup your magic cookie in your home directory in the '.Xauthority' file.  This file consists of three values.  To display the contents of this file run 'xauth list'.  We are using 'MIT-MAGIC-COOKIE-1' as the protocol in our X11 sessions.

The .Xauthority file will consist of three values.

  • DisplayName  ProtocolName  Hexkey

The proper permissions for the .Xauthority file.  The file should be owned by your UID and GID and have the permissions set to 0600.

$ ls -la ~/.Xauthority
-rw------- 1 pi pi 180 Jun 15 22:32 /home/pi/.Xauthority

Display the contents with the 'xauth list' command.  The number after the colon in the display name section is the key number we need to identify.

$ xauth list
pi1.zaphod.local/unix:10 MIT-MAGIC-COOKIE-1 a57c1e1cea874b8dd002b82cf7c0fb34
pi1.zaphod.local/unix:11 MIT-MAGIC-COOKIE-1 6ba1e0d9cc5de492cc4af43b4f0faa20

Step by Step Using Cygwin

This example will use Cygwin to set up our GUI as the 'pi' user and as root.  These directions assume you will run 'sudo su - <ID>' to switch to another user and use the shell of the new user.

  • Launch the Cygwin terminal
  • startx & (This will launch the X11 server in the background.)
  • Minimize the X11 screen and return to the Cygwin terminal
  • Run "export DISPLAY=:0.0" without the quotes.  This just ensures the DISPLAY is properly exported on the server.  This step is only required in Cygwin.  I actually don't remember having to do this in the past.  You could also simply export your DISPLAY on the server.  (export DISPLAY=localhost:0.0)
  • SSH to your server.  Update with the proper ID and IP address or hostname.  ssh -XY pi@192.168.1.101
  • If this is your first time connecting, a new .Xauthority file will be created.  It is a good idea to check for the existence of this file whenever you need to use X11.
  • Verify your DISPLAY has been set by running 'echo $DISPLAY' without the quotes.  And identify your DISPLAY number.  In this example it is '11'.

$ echo $DISPLAY
localhost:11.0

  • You can run 'xterm' to quickly verify X11 is being properly forwarded.  Exit the 'xterm' window in the Cygwin GUI.
  • Now identify your X11 session in 'xauth list'.  If you have more than one line, find the line that has the same session number when you run 'echo $DISPLAY' as shown above.  In this example, we have two lines.  The second line is our current X11 session.  It is session number '11'.

$ xauth list
pi1.zaphod.local/unix:10 MIT-MAGIC-COOKIE-1 a57c1e1cea874b8dd002b82cf7c0fb34
pi1.zaphod.local/unix:11 MIT-MAGIC-COOKIE-1 2beda25c5b32ab9630a619b5705690c3

  • Switch to your new user with a new shell.  In this example I am switching to root.  (sudo su -)
  • Verify your DISPLAY by running 'echo $DISPLAY'.  It may or may not be set correctly to match your previous session.  Run 'xauth list' and if this is the first time you have connected you will not have a '~/.Xauthority' file.  Regardless of whether $DISPLAY is set properly, we should add our magic cookie from our previous session.  This will ensure X11 functions properly.

$ sudo su -
root@pi1:~# echo $DISPLAY
localhost:11.0
root@pi1:~# xauth list
xauth: file /root/.Xauthority does not exist

  • Add the magic cookie by copying the '11' line from your '.Xauthority' file and adding it to the new user ID by running 'xauth add <xauthority_line>'.  See the example below.  I escaped the command to make it more legible.

# xauth add \
>pi1.zaphod.local/unix:11 MIT-MAGIC-COOKIE-1 2beda25c5b32ab9630a619b5705690c3
xauth: file /root/.Xauthority does not exist

  • The first time you run this command you will get the error above.  The file is created by xauth.  Simply run 'xauth list' to verify the contents.  And it should match.

# xauth list
pi1.zaphod.local/unix:11 MIT-MAGIC-COOKIE-1 2beda25c5b32ab9630a619b5705690c3

  • And VOILA!  You can now run your GUI.  And you can complain to the manufacturer and tell them to convert to HTML.  Or better yet, use VNC server instead of X11.  This also allows you to disconnect your session and go home and reconnect to the same X11 session.
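
The cookie-matching steps above can be scripted so the wrong or a stale line is never pasted into 'xauth add'.  This is an added example, not part of the original post: the function names are hypothetical, and SAMPLE is the 'xauth list' output shown above.

```shell
#!/bin/sh
# Added example: pick the xauth entry that belongs to the current DISPLAY.
# Function names are hypothetical; SAMPLE is the 'xauth list' output from the page.

SAMPLE='pi1.zaphod.local/unix:10 MIT-MAGIC-COOKIE-1 a57c1e1cea874b8dd002b82cf7c0fb34
pi1.zaphod.local/unix:11 MIT-MAGIC-COOKIE-1 2beda25c5b32ab9630a619b5705690c3'

# "localhost:11.0" -> "11": strip the host part, then the screen suffix.
display_number() {
    local d
    d=${1##*:}
    printf '%s\n' "${d%%.*}"
}

# Read 'xauth list' output on stdin and print the entry for display number $1.
# Returns non-zero unless exactly one well-formed MIT-MAGIC-COOKIE-1 entry
# matches, so a missing or ambiguous cookie is never copied silently.
select_cookie() {
    local want hits found name proto key
    want=$1
    hits=0
    found=''
    while read -r name proto key; do
        [ "${name##*:}" = "$want" ] || continue
        [ "$proto" = "MIT-MAGIC-COOKIE-1" ] || continue
        case $key in ''|*[!0-9a-f]*) continue ;; esac
        found="$name $proto $key"
        hits=$((hits + 1))
    done
    [ "$hits" -eq 1 ] && printf '%s\n' "$found"
}

# True only if the file is a regular file with mode 0600 owned by the caller,
# the same thing the 'ls -la ~/.Xauthority' check confirms by eye.
xauthority_is_private() {
    [ -O "$1" ] && [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Demo on the sample data.  On a live session, before switching users, run:
#   xauth list | select_cookie "$(display_number "$DISPLAY")"
printf '%s\n' "$SAMPLE" | select_cookie "$(display_number localhost:11.0)"
```

The three fields printed by 'select_cookie' are exactly the arguments 'xauth add' expects when run as the new user.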

Fix MAN Page Formatting

Locale Definition

RHEL defines locale as follows.  The system locale specifies the language settings of the system services and user interfaces.  The keyboard layout settings control the layout used on the text console and graphical user interfaces.  ArchLinux defines locale as follows.  Locales are used by glibc and other locale-aware programs or libraries for rendering text, correctly displaying regional monetary values, time and date formats, alphabetic idiosyncrasies, and other locale-specific standards.

Different versions of UNIX set the locale variables in different manners.  Refer to the official documentation for your OS to find the proper way to set the locale variables.  Different OSes will also use different commands to display and set locale variables.

Various Locale Settings

This list may vary from OS to OS.

  • LANG - Provides a default value for the system locale
  • LC_COLLATE - Changes the behavior of functions which compare strings in the local alphabet.
  • LC_CTYPE - Change the behavior of the character handling and classification functions and the multibyte character functions.
  • LC_NUMERIC - Describes the way numbers are usually printed, with details such as decimal point versus decimal comma.
  • LC_TIME - Changes the display of the current time, 24-hour versus 12-hour clock.
  • LC_MESSAGES - Determines the locale used for diagnostic messages written to the standard error output.
  • LC_ADDRESS - Convention used for formatting of street or postal addresses.
  • LC_MONETARY - Monetary formatting
  • LC_MEASUREMENT - Default measurement system used within the region.
  • LC_PAPER - Default paper size for region
  • LC_RESPONSE - Determines how responses (such as Yes and No) appear in the local language.
  • LC_TELEPHONE - Conventions used for representation of telephone numbers.
  • LC_ALL - High precedence override for locale specific behavior (overrides all other locale variables)

MAN Page Formatting

At times when you read a man page you may see odd characters.  To fix this you need to set 'LC_ALL' to C.  There are two ways to set this variable.

  • command line = export LC_ALL=C
  • ~/.bashrc = export LC_ALL=C