Practical to use WinRM from outside NAT and hardware firewall?

Am I able to use WinRM/WinRS from outside a hardware firewall to run commands 
on machines located behind NAT and a hardware firewall? From outside the 
firewall, I want to be able to run Powershell commands or WinRS on machines 
inside the firewall and using NAT and not just for the one machine that might 
have http port 80 open and forwarded from the router/firewall but for any of 
the machines behind it. Is there some other recommended way to do any 
management from the "outside"? Thanks, Dave
0
Utf
12/31/2009 8:25:01 PM
windows.powershell 690 articles. 0 followers. Follow

11 Replies
1067 Views

Similar Articles

[PageSpeed] 30

I don't know to tell you the truth.  At the very least, you'll likely lose 
the ability to use any encrypted communications and may have to go with 
plain text, which won't be secure.

In such a scenario, the way I might architect this is to put a server in a 
DMZ, to accept and somehow pass commands to internal machines...

Marco

"CodeSlinger" <CodeSlinger@discussions.microsoft.com> wrote in message 
news:45EC4164-44F1-43EF-8E9D-42A7AB6EFCB7@microsoft.com...
> Am I able to use WinRM/WinRS from outside a hardware firewall to run 
> commands
> on machines located behind NAT and a hardware firewall? From outside the
> firewall, I want to be able to run Powershell commands or WinRS on 
> machines
> inside the firewall and using NAT and not just for the one machine that 
> might
> have http port 80 open and forwarded from the router/firewall but for any 
> of
> the machines behind it. Is there some other recommended way to do any
> management from the "outside"? Thanks, Dave 

0
Marco
1/1/2010 5:27:53 PM
"Marco Shaw [MVP]" <marco.shaw@NO_SPAMgmail.com> wrote:
> "CodeSlinger" <CodeSlinger@discussions.microsoft.com> wrote:

>> Am I able to use WinRM/WinRS from outside a hardware firewall to run 
>> commands on machines located behind NAT and a hardware firewall?
>> From outside the firewall, I want to be able to run Powershell
>> commands or WinRS on machines inside the firewall and using
>> NAT and not just for the one machine that might have http port 80
>> open and forwarded from the router/firewall but for any of the machines 
>> behind it. Is there some other recommended way
>> to do any management from the "outside"?

>I don't know to tell you the truth.  At the very least, you'll likely lose 
>the ability to use any encrypted communications and may have to go with 
>plain text, which won't be secure.

> In such a scenario, the way I might architect this is to put a server in a 
> DMZ, to accept and somehow pass commands to internal machines...

Unless the OP (or the OP's employer) is willing to invest quite a bit of 
effort into the design and operation of the network I think that the answer 
is "no."

In detail, somewhat simplified (and upon further review, admittedly a bit 
rambling...):

I disagree with the comment "you'll likely lose the ability to use any 
encrypted communications."  Encryption can take place at many levels; in 
most civilian environments the need for encryption is the section of the 
network where traffic passes across the public Internet between two 
physically secure endpoints. The encryption mechanism doesn't have to have 
any knowledge or connection to the software that generates or receives the 
payload (IOW, it doesn't have to be at the application layer), so the fact 
that POSH being used isn't relevant.

Example: at my house I have a commercial encrypting appliance to which I 
connect my company laptop. All communications with the company's network are 
protected by a very robust encryption algorithm, but my laptop is sending 
its communications in cleartext, unaware that there's an encrypted link 
between my house and the company network where the traffic emerges from the 
VPN concentrator in cleartext again.

Getting to systems behind a firewall should be relatively easy if the 
firewall was properly designed (which is not necessarily the case for 
consumer firewall products). Identify the protocols to be used and the 
(fixed, not dynamic) IP addresses of both endpoints, then create a rule to 
allow that traffic to pass inbound and deny all other.

The NAT issue is a problem, since a NAT device works by translating the 
internal IP addresses (almost always in the private address space 
192.168.x.x/16 or occasionally 10.x.x.x/8) into a random port on the 
external (single) IP address. A state table entry is created when an 
internal endpoint initiates a connection to an external endpoint, mapping 
the internal IP and port to the (randomly selected) external port number to 
allow a response from the distant endpoint to be re-mapped to the 
appropriate internal address and port. There's typically no mechanism to 
permit externally-initiated traffic to communicate with an internal 
endpoint.

Note that a private IP address can never be used as a source or destination 
address for a packet on the Internet. As its name implies it's intended to 
be used only on a private network; that's why your typical NAT device uses 
192.168.x.x/24 addresses.

This problem is why many NAT boxes have a DMZ option that allows incoming 
traffic to specific port(s) to be redirected to a particular IP address on a 
dedicated network cable.  This would avoid the NAT issue, but in the process 
of doing so it opens the DMZ machine to attack from any of the far-too-many 
criminals who search the network for vulnerable systems.

Putting a machine on the DMZ connection and using it as a bridge to the 
machines on the NAT-serviced network would require not only providing the 
hardware but also writing AND MAINTAINING the software to manage the 
forwarding.  This isn't an insurmountable issue, of course, but if security 
is a concern (and it should be, regardless of the size of the network) it 
raises lots of problems if the DMZ system is not completely secure. Hack 
into the bridge machine and you've got access to the servers on the NAT 
side.

An alternative would be to use a VPN. Connect the low side of a VPN server 
to the DMZ connector of the target network's firewall and the high side to 
the network where the target servers are located, then from the endpoint 
from which the OP wants to run the commands open the appropriate VPN client 
and establish a connection before issuing the control commands. The result 
is that the distant (control) endpoint will effectively be sitting on the 
internal network on which the target servers are located and can assess them 
directly, bypassing the NAT device. In turn, however, this requires that 
there be some mechanism to authenticate both the distant endpoint and the 
individual operating that endpoint. It also assumes that the VPN server 
itself is secure, and that the sysadmin for that server knows how to make it 
secure and keep it that way.

The OP did not provide (and probably should not have provided) any 
information about the organization whose servers s/he wants to manage, so 
there's no way for us to determine the degree of security that's appropriate 
for the systems involved. If the plan is to allow an external endpoint to 
control the internal servers, this should be briefed to the organization's 
management with a clear description of the security issues that it 
introduces into the network, and the decision *by management* to allow it to 
be implemented should be clearly documented in writing, laying out what 
changes are to be made and what intrusion monitoring procedures are to be 
followed to detect successful or unsuccessful attacks.

Joe Morris 


0
Joe
1/1/2010 8:02:38 PM
> I disagree with the comment "you'll likely lose the ability to use any 
> encrypted communications."  Encryption can take place at many levels; in

OK, agreed.  I was thinking one thing, but wrote another.  I should have 
said something along the lines of "possibly losing all WinRM built-in 
encryption in such a scenario".

Marco 

0
Marco
1/2/2010 1:21:32 AM
"Marco Shaw [MVP]" <marco.shaw@NO_SPAMgmail.com> wrote:

>> I disagree with the comment "you'll likely lose the ability to use any 
>> encrypted communications."  Encryption can take place at many levels; in

> OK, agreed.  I was thinking one thing, but wrote another.  I should have 
> said something along the lines of "possibly losing all WinRM built-in 
> encryption in such a scenario".

I suspected that was the intent, but since I don't know the technical 
sophistication of the OP I wanted to explain my reasoning for the 
disagreement and give an example.  I hope that didn't come across as jumping 
on your response (at least not *too* hard; I tend to be professionally 
paranoid about security issues <grin>).

But note that if you insert a VPN into the data path to provide the link 
security across the Internet, the tunnel should be invisible to the packet 
flow between the control system and the target servers, meaning that the 
WinRM encryption would be unaffected...although that still leaves the issues 
of authentication, authorization, and auditing to be addressed.

Joe 


0
Joe
1/2/2010 1:44:44 AM
Marco, Joe,

Thanks for the explanations and suggestions. I have an application with 
multiple agent computers, a server they talk to and one or more management 
consoles that monitor everything and all normally run completely inside but 
with WCF I am able to place the server or console components outside the 
firewall. All works fine except that the console cannot run commands against 
the agent machines using winrm or psexec as it normally can from the inside. 
Given your responses, I think I will recommend that for now the console 
application that would run such commands stay on the inside and some sort of 
RDP be used from outside.

I wish the "Notify me of replies" worked. Is there some trick to having the 
discussion group do this when a post get a response?

Thanks, Dave
0
Utf
1/2/2010 5:52:01 AM
> I wish the "Notify me of replies" worked. Is there some trick to having 
> the
> discussion group do this when a post get a response?

Hmmm...  I don't know if that even works.  Might be best to go and setup a 
search engine alert perhaps.

Marco 

0
Marco
1/2/2010 11:18:49 AM
"CodeSlinger" <CodeSlinger@discussions.microsoft.com> wrote:

> with WCF I am able to place the server [...] outside the firewall.

Again putting on my security hat: please don't even *think* about putting 
your servers directly on the internet with no firewall. It doesn't matter if 
they're running Windows, MacOS, Linux, or Magic Blue Smoke (tm): they have a 
vulnerability somewhere, and the nasties will find it if given half a 
chance.

This isn't to say that the servers must be behind the normal company 
firewall, but they do need to be protected by blocking any unnecessary 
access paths, both inbound and outbound.  Look at the applications that are 
running on the servers: what protocols are *really* necessary for the server 
to do its job? Whoever is responsible for the server (perhaps you) should be 
able to generate a list for both its general functioning and for 
communications with your command console (using a fixed IP address for the 
command console, preferably on a different NIC than the one connected to the 
Internet).

Don't forget to block access from any of your servers to any other 
DMZ-resident device. That way if one is somehow compromised it can't be used 
as a springboard into the others.

Google for "DMZ Firewall Rules" for some guidance on this. A good example is 
given by an IBM site:

http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/topic/liaag/webappsecure/publishedwebappsecure15.htm

Be hard-nosed about writing the firewall rules and close off *every* access 
unless someone can clearly document a need for it. This may make you a bit 
unpopular for a while, and it's hard to show that your actions meant that 
something nasty didn't happen (example: some people still say that the Y2K 
problem [*] never existed because no catastrophe happened...idjuts) but 
management, if it's got any brains, will (eventually) thank you for keeping 
your company's name off the front page of the local newspaper's story about 
computer  intrusions.

And don't assume that *anything* is automatically safe.  It's interesting 
how much information can be obtained by carefully examinging how a system 
responds to unsolicited traffic, even if that response is "go away."

We now return you to postings about POSH, already in progress.

Joe

[*] Happy Y2K+10 anniversary! 


0
Joe
1/2/2010 2:12:58 PM
"Notify me of replies" has been broken for a while. (And isn't something 
most of us using an NNTP reader even see.) I know MS is aware of the issue, 
but haven't seen a timeline for a fix, I'm afraid.

-- 
Charlie.
http://msmvps.com/blogs/russel




"CodeSlinger" <CodeSlinger@discussions.microsoft.com> wrote in message 
news:338CE763-AB1E-4A27-9DCC-3E1BD06D7995@microsoft.com...
> Marco, Joe,
>
> Thanks for the explanations and suggestions. I have an application with
> multiple agent computers, a server they talk to and one or more management
> consoles that monitor everything and all normally run completely inside 
> but
> with WCF I am able to place the server or console components outside the
> firewall. All works fine except that the console cannot run commands 
> against
> the agent machines using winrm or psexec as it normally can from the 
> inside.
> Given your responses, I think I will recommend that for now the console
> application that would run such commands stay on the inside and some sort 
> of
> RDP be used from outside.
>
> I wish the "Notify me of replies" worked. Is there some trick to having 
> the
> discussion group do this when a post get a response?
>
> Thanks, Dave 

0
Charlie
1/2/2010 3:00:59 PM
Since you mentioned RDP what about a Terminal Services Gateway?  This will 
permit encrypted connections over port 443 & setting up CAP (client access 
policies) & RAP (resource access policies) to determine who can connect and 
to what resources.  You could then connect to an internal machine using RDP 
and run winrm from there. 

I also agree with Joe in that no machine should be placed on the internet 
without locking it down to required services only and then somehow protected 
with an additional firewall...and even then the service itself might be 
vulnerable.  

"CodeSlinger" wrote:

> Marco, Joe,
> 
> Thanks for the explanations and suggestions. I have an application with 
> multiple agent computers, a server they talk to and one or more management 
> consoles that monitor everything and all normally run completely inside but 
> with WCF I am able to place the server or console components outside the 
> firewall. All works fine except that the console cannot run commands against 
> the agent machines using winrm or psexec as it normally can from the inside. 
> Given your responses, I think I will recommend that for now the console 
> application that would run such commands stay on the inside and some sort of 
> RDP be used from outside.
> 
> I wish the "Notify me of replies" worked. Is there some trick to having the 
> discussion group do this when a post get a response?
> 
> Thanks, Dave
0
Utf
1/2/2010 3:47:01 PM
Thanks Joe, I was not clear as by "outside" I was thinking from the 
perspective of my agent computers inside their firewall. The Manager/server 
machine the agents talked to would be outside the agent's firewall but behind 
it's own firewall somewhat like a web server perhaps using TCP port sharing 
and yes would be locked down except for this application. I'm a developer and 
don't always know the IT and security stuff in detail so very much appreciate 
your detailed comments as that gives me plenty to think about and learn and 
and suggest how folks should use and configure the software I am developing 
rather than setting it all up myself. Happy 2010 and thanks, Dave
0
Utf
1/4/2010 10:49:01 AM
Thanks joeroc, Sounds like what I need. I have Server 2008 for testing at 
home so can test this unless I can get someone else to set that up for me to 
test with so I don't have to expose my development server to the outside 
meanies. WinRM/WinRS is already locked down pretty tight for using within my 
workgroup at home so I agree not very feasible to let WinRM straight in and 
as suggeted it makes a lot more sense to come in with RDP/TS and use WInrm 
once inside. Dave
0
Utf
1/4/2010 10:54:02 AM
Reply:

Similar Artilces:

How do you get the attribute value using XPath in VB.Net 2003?
Hi, How do you get the attribute value using XPath in VB.Net 2003? Many thanks, aushknotes "aushknotes" <aushknotes@discussions.microsoft.com> wrote in message news:508426F2-1C8A-4AD2-A52E-B80B9798AC0C@microsoft.com... > Hi, > > How do you get the attribute value using XPath in VB.Net 2003? > Prefix @ to the name of the attribute value. XmlAttribute attrib = (XmlAttribute)dom.selectSingleNode("/path/@attributeName"); -- Anthony Jones - MVP ASP/ASP.NET aushknotes wrote: > How do you get the attribute value using XPath in VB.Net 2003? ...

Reporting Hardware Specs for a 20TB Oracle DB
Hello, I have a requirement for a Reporting Solution for an Enterprise Reporting Solution for a 20TB Oracle (running on Unix) Datawarehouse that does about 150M Transactions a day. There are about 300 users and not more than 30 concurrent users. They already have a MOSS 2007 Installation so i need specs for the SSAS Server which will sit on its own server. My questions are; 1) What should the specs (RAM, Processor, Disk Space) of this SSAS Server be? 2) What would the specs of the SSRS Server be? 3) Any other special considerations? Thanks I'd buy the highest machi...

Data Validation using List (But needs unique list in drop down lis
Hi all, In sheet 1, column A is my title name while column B is person name. Sheet 1 is my database where i do data entry in this. In sheet 2, contains my query page. In cell A5, i uses data validation - list, on this cell. Say in sheet 1 : column A column B XXXXXXX Mr A YYYYYYYY Mr A ZZZZZZZZ Mr A AAAAAAA Mr B WWWWW Mr C DDDDDDD Mr C But In sheet 2, cell A5, I saw in the drop down list as follows: Mr A Mr A Mr A Mr B Mr C Mr C But i want to see this in cell A5 instead (Unique name that is) : Mr A Mr B Mr C ...

Use CountIf for a literal string
I am trying to count the number of cells in a range that contain the string <0.1. I don't want the number of cells that contain numbers less than 0.1, I want the actual string. Is there an escape character for comparison operators like the tilde for wild cards? Thanks, Chad Try this... =SUMPRODUCT(--(A1:A10="<0.1")) -- Biff Microsoft Excel MVP "chadkwelch" <chadkwelch@discussions.microsoft.com> wrote in message news:73F17509-1C52-4935-A45D-66DCC63B20C6@microsoft.com... >I am trying to count the number of cells in a range that ...

Posting Date used in Revenue Expense Deferral
I have a PM Invoice with Document Date 16/11/2009 and Posting Date of 01/12/2009. Entered Deferral details starting 01/12/2009. In GL the deferral charges commence 01/12/2009 and are all as expected. The Credit entry for the full invoice is posted to GL with posting date of 01/12/2009. The problem I have is that the Debit entry for the full invoice amount is posted to the document date of 16/11/2009 and I want it to be the same as the invoice posting date (01/12/2009) Is there a way to do this? Thanks Audrey ...

Can't Send Messages Using Outlook Web Access & XP
Our users with Windows XP cannot send messages using OWA. I've read a few KB articles about some incompatabilities between XP and OWA, but none of the proposed fixes (using the "basic" rather than "premium" client, or changing the security settings in IE) seem to solve this last problem. When they click on "send", it generates an unspecified "error on page". The problem occurs using IE and Firefox, but just on XP machines. My Windows 2000 machine works fine using IE and even my Macintosh using Safari (gasp!) works. ...

How do I specify an address when using "ActiveDocument.SendMail"
Hi Here is my code: If Not IsNull(([Forms]![Process Bookings]![Booking Form].Form.Email)) Then Options.SendMailAttach = True objWord.ActiveDocument.SendMail How do I specify the recipients address? Stapes ...

Could very much use a Field List
I apologize if this is out there already, but it seems that at least a few field names changed from 1.2 to 1.3. Although I had downloaded a field list before, from here, I cannot even find that original post, let alone any more recent that might contain the correct field names. I need to do some custom SQL and would prefer not to reinvent the wheel. Thanks in advance very much to anyone who could help. Bud Izen Salem Oregon Do you have MS Access? Make a new project and attach to the database as your data source. You will be able to see all the tables and the field names. It has been ...

How to Print string (Windows Printer) using RMS QSRules.
A windows printer is set as a receipt printer for a register. I need to print strings to this printer using RMS QSRules. How can I do this? I tried using Register.ActivePrinter.PrintNormal(Station as Long,Data as String) but it won't work. By the way, what is Station in the parameter? ...

Adding a VCard to an e-mail using Outlook 2000 and Outlook 2003.
Hello. I have a question. Does anyone here know how to add a VCard to an e-mail in Outlook 2000 as well as in Outlook 2003? I want to be able to do this after I click new and I have a new blank message on my screen. Any and all help would be greatly appreciated. Thank you. -- darylakagod Outlook provides no way to add a vCard .vcf file in this scenario. The built-in way to do it is to start with a contact, not a message, and choose Forward as vCard on the contact's Actions menu. -- Sue Mosher, Outlook MVP Author of Microsoft Outlook Programming - Jumpstart for Admin...

Can't use address book
I am not able to add contacts in my address book. I receive the error: You cannot create entries for this address book when I try to add a new entry. I use Office 2000, with full Outlook. I would like to have an address book again... I have uninstalled and reinstalled office 2000 - no change in the problem. You get this error in trying to create a new item in your contacts folder? (sounds like you are select tools | address book | highlight "outlook address book" and trying to create a new item. you can't create items in the "outlook address book". this f...

Monitoring directories using FindFirstChangeNotification
All, I would like to monitor a few different directories using FindFirstChangeNotification. I have successfully used it in the past to monitor one directory. All the directories I would like to monitor are on the root of a drive, but I do not want to monitor all the directories on the root. Example: the root of the T drive, T:\Dir1 T:\Dir2 T:\Test T:\source T:\Backup T:\Update How can I montor the T:\Test, T:\source, and T:\Backup at the same time using FindFirstChangeNotification? Thanks in advance. Hi, You need to use the following API's to monitor the changes in a specific ...

Using outlook for email and outlook express for newsgroups
Hi I had outlook set up for my email messages and outlook express set up for reading newsgroups - now when I go to the newsgroups oe is automatically checking for email messages and downloading them - this never happened before and I think the only thing different is that I have installed a broadband modem and am waiting on freeserve activating my account - could something have happened to change this, and if so how do I change it back. Thanks Sharon "Sharon" <sharon@nospam.freeserve.co.uk> wrote in message news:c80adp$dva$1@newsg1.svr.pol.co.uk... > Hi > > I ha...

Using a OR() like function in an IIF statement
Hello, I am trying to create an IIF statement to test if the first character in a field is a 1,2,8 or 9. Something like the following: IIf(Left([possible_SO_match],1)="1 or 2 or 8 or 9",[Possible_SO_Match],"No Match") Is there a way to create it without going to a 4 level nested IIF statement? Thanks, Kerry -- Message posted via http://www.accessmonster.com kkulakow via AccessMonster.com wrote: > Hello, I am trying to create an IIF statement to test if the first > character in a field is a 1,2,8 or 9. > Something like the following: > > IIf(Left([possib...

Print dialog box using VBA in excel
Hi Everyone, I like to add a print button (that will select several worksheets and print them) in my excel worksheet. I have recorded my action using the macro recorder the problem is I can't select the printer everytime I run the macro it print in the background without asking the user to select the printer and uses the default printer. Can anyone help?? I just want the user to be able to select the desired printer every time before printing. My current code: Sub Print_All() Sheets(Array("Sheet 1", "Sheet 2", "Sheet 3", "Sheet 5)).Select 'intent...

can cells apply conditional formatting using the internal clock?
I am using excell to keep track of my production schedule and I wanted to know if there was a way to tie the cells in a worksheet to the internal date and time in the computer,so that the cells will update automatically. Example: Row A10 would be my production start date, Row A1 would be my projected finish date, I would like the cells in between to go from green to red as I near the finish date without manually inputting the date in each cell. Can you help me? Thyanks Set the normal format as desired (I selected a Pattern of Green). Select A1:A10, then select Format | Conditional Fo...

Using DAO instead of ADO
I have an Access 2000 database that was converted from Access 97. On one of my users computers, her system was re-installed with Access 2000, and the database has not worked correctly since that time. If I remember correctly, we had to set up the computers for these users to use DAO over ADO. It's been over two years since we did this, and (I hate to admit it - but) I've forgotten to how to set up the DAO to take precedence over ADO. Can someone please remind me? I thought it was part of the Add-ins, but when I go into Add-in Manger, I have NO add-ins available. I've checked i...

How do a use a string as a param for a cmdlet when it contains opt
I have a script that cleans out old files, currently it is in this format write-host "\\sapecc01\Integration\SCC\Archive\* -Include *.txt" $a = Get-ChildItem \\sapecc01\Integration\SCC\Archive\* -Include *.txt foreach($x in $a) { $y = ((Get-Date) - $x.CreationTime).Days if ($y -gt 28 -and $x.PsISContainer -ne $True) {$x.Delete()} } #Keep DESADV for 28 days write-host "\\sapecc01\Integration\SCC\Archive\* -Include DESADV_*.xml" $a = Get-ChildItem \\sapecc01\Integration\SCC\Archive\* -Include DESADV_*.xml foreach($x in $a) ...

very simple and useful, email password recovery tool
Outlook Password Recovery is a easy-to-use and wide compatiable tool, capable of instantly recovering email passwords for popular email clients, such as Outlook, Outlook Express, Windows Mail, Incredimail, Eudora, etc. http://www.top-password.com/outlook-password-recovery.html -- johneou johneou wrote: > Outlook Password Recovery is a easy-to-use and wide compatiable tool, > capable of instantly recovering email passwords for popular email > clients, such as Outlook, Outlook Express, Windows Mail, Incredimail, > Eudora, etc. > > http://www.top-password.com/outlook-pa...

Using Access database to "populate" Excel Sheets
Please help!!! I am willing to PAY anyone who can get this to run fo me. I have been trying for 5 days now trying to use a DBVlookup function t populate fields in Excel. I used examples from 4 different forums usin this function, but I cannot get any of them to work. I am somewhat ne to VBA so forgive me if I am not making sense in my questions. I have Excel Spreadsheet called "Account_Number". It is set up a follows: Column A is called "Account Number"..... Column B is called "Looked u description in Access". Account Number Description...

Fonts do not print in colur used when document created.
When I create a document in either Word ot Publisher the text is not always printed in the colour selected. This problem seems particular to Red & Blue. can any one help please. Peeter Have you tried some maintenance on your printer? Are you saving as a PDF? This problem has been reported using Microsoft's save as add-in. -- Mary Sauer http://msauer.mvps.org/ "Peter Piper" <PeterPiper@discussions.microsoft.com> wrote in message news:76737C66-2B07-42DF-BFC5-828A14CE135F@microsoft.com... > When I create a document in either Word ot Publisher t...

Windows XP Embedded Service Pack 2 is anyone using this?
Is this something we would be able to use with RMS? Or is this just for devices? I love the quick bootup. I use the WEPOS operating system successfully in a number of installations. Microsoft certified WEPOS with RMS when they introduced version 2.0. Kinnard Kinnard L. Kohler Retail Management Systems of Arkansas 300 South Rodney Parham Road Parham Place - Suite 1 Little Rock, AR 72205-4747 (Tel) 501-412-5686 (Fax) 501-374-3636 Email: kinnardkohler@sbcglobal.net "Doug Pic-N-Pac" wrote: > Is this something we would be able to use with RMS? Or is this just for > de...

Need to insert a picture using a function
I would like to know if it is possible to insert a picture (.jpg) using a function. I have a simple quote sheet setup for my customers and would like to insert a picture of the product next to the quote information. Is it possible to insert a picture based on what i enter as my product number?? I know this is a vague question, sorry. Someone help please!!! Try this link for a possible solution:- http://www.mcgimpsey.com/excel/lookuppics.html -- Regards Ken....................... Microsoft MVP - Excel Sys Spec - Win XP Pro / XL 00/02/03 -------------...

Disclaimer using IMSEXT.DLL corrupting SMTP mail
I have installed IMSEXT.DLL and configured it to append a disclaimer to all outbound messages (article 258206). In order to work for our POP clients, I also set up the IMS to route all messages through the IS (article 238471). It works fine for messages originating from Outlook clients. Messages sent via SMTP from POP clients, or routed through the server via Custom Recipients get corrupted. Attachments (MIME) also get messed up. The simplest symptom to describe is that all text styling gets stripped. I haven't been able to find any more information on supporting non-Outlook client...

Excel VBA
Hi All, I have a list that has been created by using the validation too (Data>Validation) Is it possible that when someone wants to choose something from th list they could say type the first few words and it would automaticall show. I.e you type "holi" or atleast part of the word and the cell shows th whole word. Thanks steve:confused -- Message posted from http://www.ExcelForum.com Data Validation doesn't include the autocomplete feature. You can type the entire entry, scroll through the dropdown list, or use keyboard (arrow keys, page up, page down) to navigate th...