It would be an error of ‘Access Denied’ right after username entry, and all else would proceed as planned. Well I searched about it a bit and found the answer on superuser.com.

PuTTY tries several authentication methods in a row, which might cause these messages:

• GSSAPI (only if your system and the server have it enabled)
• Public key (only if you have a key loaded)
• Password

After receiving the “Access denied” message, hold Ctrl and right-click on the PuTTY window, then select Event log. At the bottom you will see what exactly caused the failure.

http://superuser.com/questions/312197/putty-0-61-why-do-i-see-access-denied-message-after-i-enter-my-login-id

Here are the steps to get your icons fixed:

1. Press Ctrl-Shift-Escape to get the task manager.
2. In the Processes tab, click on explorer.exe and click End Process. You’ll get a confirmation dialog. Click “End Process” to confirm.
3. From the File menu (still in the task manager), choose New Task (Run…).
4. Copy/paste/enter the following command in the run box:

   cmd /c del %userprofile%\AppData\Local\IconCache.db /a

5. Open the Run box again with File --> New Task (Run...). This time, enter this command:

   explorer.exe

6. All should be okay now. Open the Start Menu and confirm that your icons are fixed now.

That should get you back into working condition (worked perfectly for me, or I wouldn't post it).  All icons show up now.

Reference:
http://www.sevenforums.com/general-discussion/9973-icons-not-showing-up.html#post356016

I will add more references here as I find them useful:

• http://www.justlinux.com/nhf/Programming/Bash_Programming_Cheat_Sheet.html – Bash Cheatsheet
• http://www.mindpicnic.com/tag/bash/ – Learn Bash

Below is the IPTABLES script that I’ve developed based on multiple sources:

#!/bin/sh
IPT="/sbin/iptables"
# Flush old rules, old custom tables
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
# Set default policies for all three default chains
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
# Enable free use of loopback interfaces
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
# All TCP sessions should begin with SYN
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -s 0.0.0.0/0 -j DROP
# Lets log and drop stuff
$IPT -N LOGNDROP
$IPT -A INPUT -j LOGNDROP
$IPT -A LOGNDROP -p tcp -m limit --limit 4/min -j LOG --log-prefix "Denied TCP: " --log-level 7
$IPT -A LOGNDROP -p udp -m limit --limit 4/min -j LOG --log-prefix "Denied UDP: " --log-level 7
$IPT -A LOGNDROP -p icmp -m limit --limit 4/min -j LOG --log-prefix "Denied ICMP: " --log-level 7
$IPT -A LOGNDROP -j DROP
# X-mas tree protection
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOGNDROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN,RST SYN,FIN,RST -j LOGNDROP
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN,RST,PSH SYN,FIN,RST,PSH -j LOGNDROP
# block IANA reserved
$IPT -A INPUT -i eth0 -s 10.0.0.0/8 -j LOGNDROP
$IPT -A INPUT -i eth0 -s 172.16.0.0/12 -j LOGNDROP
$IPT -A INPUT -i eth0 -s 192.168.0.0/16 -j LOGNDROP
# Accept inbound TCP packets
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
$IPT -A INPUT -p tcp --dport 443 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
$IPT -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH -j DROP
$IPT -A INPUT -j LOGNDROP

The script is fairly straight forward, but includes a few little ‘gems’, those include X-mas tree protection (fully lit up packets – SYN, FIN etc;). As well as blocking IANA reserved ip’s (which you should not get on an external box!).

The only ports that I open are port 80 for HTTP.
Port 443 for HTTPS and 22 for SSH (altho I should move it to a non-standard port to reduce bruteforce attacks).

What kind of gems do you guys have in your iptables for protection? One of my next plans is to either add a port-knock (for ssh) or a tarpit (also for ssh – which should slow down bruteforce attempts).

I have written some apps in the past that have relied on wget to fetch content, thereby cache it locally (as a backup in case of remote failure, as I’ve had a couple times).  Also it reduces the load if that data is begin shown on the your website/app.  So if 100 users sign on and check something, it doesn’t hit the remote server for 100x fetches of that data, it just falls back to the local copy, then the re-sync takes place 10-15 min later.

Anyways the command to get a timestamp check before downloading a file is:

wget -N http://google.com/robots.txt

So the above command will only fetch the robots.txt file IF and ONLY if the following is true:

• A file of that name does not already exist locally.
• A file of that name does exist, but the remote file was modified more recently than the local file.

Well there you have it, dumb but useful command if you ever need it.  Here is a script that I’ve used in the past to spool & fetch RSS / XML feeds:

!/bin/bash
#------------------------------------------------------------------
#
# This script will run via CRONTAB and fetch data from the
# urls.txt file, which can be used internally.  This way we minimize
# the number of requests externally for data.
#
# - created by Jakub
#
#------------------------------------------------------------------
basedir=/htdocs/RSS
storedir=/htdocs/RSS/read/
sourcefile=/htdocs/RSS/urls.txt</strong>
#------------------------------------------------------------------
# Read the URLS.TXT file to get the URL/filename
#
# Formatted:
# http://google.com/robots.txt/robot.filename.txt
# ^- URL                                                 ^- filename to save as
for s in `cat "$sourcefile"`;
do
geturl=`dirname $s`;
filename=`basename $s`;
wget -qN $geturl -pO "$storedir"$filename;
done;
#------------------------------------------------------------------

Anyways, the problem stemmed from being unable to connect remotely (RDC) to one of my server2k3 boxes. I needed to modify the software firewall settings, and due to security reasons (whether good or bad I don’t know) I couldn’t administer the firewall to make changes unless I was at the console.

The firewall I am running is Sygate Personal Firewall Pro 5.5 (now owned by Symantec.. ugh!). Its a very efficient software firewall, but the one drawback is being unable to use the gui when remotely logged in using RDC.

So to get around this I had to do the following:

mstsc /v:servernameoraddress /f /console

I did that from my machine (cmd prompt) and it forces the connection as a console connection (even tho it is remote). There you have it, you can now remote Sygate PF Pro 5.5

Hope this helps anyone out there looking for a solution to this problem, and pissed that Symantec canned everything Sygate had for documentation.