CREATE ASSEMBLY for assembly 'MyProject' failed because assembly 'MyProject' is not authorized for PERMISSION_SET = EXTERNAL_ACCESS.
The assembly is authorized when either of the following is true:
the database owner (DBO) has EXTERNAL ACCESS ASSEMBLY permission and the database has the TRUSTWORTHY database property on;
or the assembly is signed with a certificate or an asymmetric key that has a corresponding login with EXTERNAL ACCESS ASSEMBLY permission.
If you have restored or attached this database, make sure the database owner is mapped to the correct login on this server. If not, use sp_changedbowner to fix the problem.

Before I go futher, let me redefine the different permissions sets for SQL CLR

• SAFE: This permissions set is applied by default if not specified otherwise, and SAFE is the most restrictive permission set. Code executed by an assembly with SAFE permissions cannot access external system resources such as files, the network, environment variables, or the registry.
• EXTERNAL_ACCESS: This permissions set enables assemblies to access certain external system resources such as files, networks, environmental variables, and the registry.
• UNSAFE: enables assemblies unrestricted access to resources, both within and outside an instance of SQL Server. Code running from within an UNSAFE assembly can call unmanaged code as well.

SAFE is highly recommended by Microsoft.

So basically you are getting the error because using EXTERNAL or UNSAFE allows code to do something outside the scope of what SQL can normally do, and therefore for security measures SQL blocks you from just going ahead and loading this onto the server.

There are two fixes to this. The first is to go to the database you will be deploying the CLR function to and running the command

ALTER DATABASE Databasename SET TRUSTWORTHY ON;

While this works, it also is not the right solution as this will enable your database to run any CLR that is deployed to it, making it easier for bad or unreviewed code to get onto the SQL Server (again – this is bad).

The correct solution is to make an Asymmetric Key for your CLR Function, create a user to use the key, and then Grant the permission set access for that user. To do this you do the following:

USE master
GO 
-- First Create the Asymmetric Key from the Assembly
CREATE ASYMMETRIC KEY SQLCLRUserKey
FROM EXECUTABLE FILE = 'C:\SQL CLR Functions\SQLCLR\bin\Release\SQLCLR.dll'
GO

You can change “SQLCLRUserKey” to whatever you would like the key name to be, and the path to the dll must be the path to your CLR functions output dll.

-- Create the Login from the Asymmetric Key
CREATE LOGIN SQLCLRUser FROM ASYMMETRIC KEY SQLCLRUserKey
GO

This creates the user based off the key we made in step 1. Again, “SQLCLRUser” can be whatever user name you want to use, and you just need to make sure “SQLCLRUserKey” matches whatever name you used for Step 1.

-- Grant the External Access Priviledge to the Login
GRANT EXTERNAL ACCESS ASSEMBLY TO SQLCLRUser
GO

This grants the permissions for this user to deploy SQL CLR Projects with EXTERNAL permission sets. In order to do UNSAFE just change the words “EXTERNAL ACCESS” to “UNSAFE”.

Last is

USE [MyDatabase]
GO
-- Add a database user in the SQLCLR_Net Database for the Login
CREATE USER SQLCLRUser FOR LOGIN SQLCLRUser
GO

Where “MyDatabase” is the name of the database where your CLR Project will be deployed. This creates the user mapping in that database.

After this, you should be able to deploy your project as normal, and by doing these steps you will just be granting permissions for the specified CLR Project instead of ANY CLR Project (much better don’t you think?)

What I found really annoying is that I have backups of the primary database and I perform log shipping from the publishing server to the secondary server for backup purposes. That means I already had most of the data of that table that was going to be duplicated and sent over in a snapshot. I figured there had to be some way to be able to import the data I already had into the replicated table on the subscriber, and then catch up the records to the replicated data, and then have replication continue to add records after that. I talked to a friend of mine and he had some idea’s on how to “hack” this, however it was more related to a process he was doing and didn’t really fit my goals. After attempting to find a work around for the better part of a day, I wound up finally finding the solution, and figured I would write it down here.

So to begin – you first need to already have a backup or bulk insert file, or log shipped database at the subscribers location.

1] Stop the distribution from occurring. You need to open up the distribution agent and stop the process. This is done by going to Replication—> Local Publications—>Publication–>Subscription
and right clicking and clicking properties in SQL Server Manager. Then click Stop.

2] Re-initialize the subscription. Right click the subscription and click “Reinitialize”. On the screen that pops up, select “Use a new snapshot” and “Generate a new snapshot now”.

3] Monitor the snapshot process. Right click the publication and click “View snapshot agent status”. You are basically going to wait until it says “[100%] A snapshot of x article(s) was generated.”, where x is the number of articles you are replicating. Steps 4 and 5 can be done while waiting for this step to complete.

4] Script out and remove indexes from the subscriber table. I would recommend scripting out all the drop statements and then the create statements for all indexes except the primary key on the subscriber table first, then dropping the indexes. By removing the indexes, you will stop the bulk insert from having to update indexes, which can speed up bulk insert TREMENDOUSLY (a.k.a – hours instead of days).

5] Import your data into the subscriber table. While the snapshot is being done, go ahead and import your data into the subscriber. If you need to make the table first then go ahead and do so but make sure it matches the schema of the table on the publisher. Bulk insert works the best to import the data. If you need to copy data from a log shipped database, use bcp to dump the table first, then all you have to do is change the destination table and change “out” to “in” for the bcp command, easy stuff.

6] “Hack” the snapshot files. Once the snapshot is done, You need to go into the snapshot folder (this is defined in your publication) and find the files that were created by the snapshot. Inside the folder there will be a folder called unc, open that and there will be a list of all the publications you have. Open the folder for the publication you are working on, and there will be a folder name which basically is the time at which the snapshot started. You may have multiple folders here if you have multiple snapshots, but it’s ok – just find the folder that has the highest date time and go into it (you may want to look at the date modified if you are having a hard time figuring the folder out). Inside the folder will be all the snapshot files. They are follow the following file types:

• *.bcp – contains the snapshot data of the table to be replicated
• *.pre – contains a script to execute on the subscriber in order to set up replication
• *.idx – The primary key index creation script
• *.sch – The schema for all the stored procedures, the tables, and any other things that will be needed to continue replication on the subscriber once the snapshot is delivered

what we’re going to do is basically make it so that the snapshot never does anything. To make that happen, we will be backing up all the files, and then replacing the .bcp, .pre, and .idx files with empty files, and then modifying the .sch file. You either do this manually (just make a folder called backup in that directory and do what I have started above), or you can make a batch file the does the following:

mkdir backup

for /f "tokens=*" %%a in ('dir /b *.bcp') do move %%a backup

for /f "tokens=*" %%a in ('dir /b *.pre') do move %%a backup

for /f "tokens=*" %%a in ('dir /b *.idx') do move %%a backup

for /f "tokens=*" %%a in ('dir /b backup') do echo. 2> %%a

for /f "tokens=*" %%a in ('dir /b *.sch') do copy %%a backup

which will basically do all of that for you; just put put it in the subscription directory and run it. Now go into the *.sch file(s) and remove the drop table and create table sections at the very tops of those files. Delete until you get to the “GO” statement right after the create table statement. Save the file.

7] Start replication distribution. Go back into SQL Server Manager and bring up the properties of your subscription again. The process should still be stopped from step 1. Assuming step 5 is done, you can go ahead and start the process now. It should quickly state that the snapshot has been sent, and then proceed on to saying that x amount of commands were transferred.

8] Catch up the difference between the snapshot and the data you imported. The problem now is going to be that you have a gap between whatever data you imported, and the last record of the snapshot. The distribution will only send rows that occurred AFTER the snapshot, so if your backup does not go up to the same point as the snapshot, you’re going to have to catch up these rows manually. This is the reason that this process only works for tables that will not have their rows updated or deleted – because the log reader agent doesn’t know the difference between your backup and where it is at currently. If however your backup was form something like log shipping, and therefore you could have made the backup AFTER the snapshot was done, this should prove not to be an issue.

After hearing about season 2, I actually watched the entire first season (75 episodes) and the 2 specials again just to got up. That makes it the first anime that I have ever watched over again (excluding anime movies). I can’t wait to start watching the second season .

I watched Hajime no Ippo years ago back in 2001-2003 when it came on originally. Normally it’s not the type of Anime I go for (being a sports Anime and being about boxing, which at the time I could have cared less about), but a friend got me to see the first ep and I was hooked after that. HnI is not just about boxing as there is a HUGE amount of character development, with most of the matches even having character development inside of them. Also the matches come fairly quickly, as thee is never really more than 5 episodes that go by before Ippo is at least weighing in for his next match. In other words, this is not one of those ‘filler’ animes – as it shouldn’t be, since the manga has been in circulation since 1991.

Anyways, I think what really draws me to this anime is A) The great character development and attention to detail B) The choreography of the fight scenes and C) the ‘comeback’ nature of each of Ippo’s matches and how he learns to fight back.

The anime is definitely a shonen type of series, and I doubt any but a few girls would enjoy it; even thought the plot and character development is great, there still is a lot of fighting. The series even sort of makes fun of this with at least two girls characters who don’t see a reason for boxing (Kumi – Ippo’s gf and Ippo’s mom). Still I would recommend it to anyone as a great series, it seems like this series gets looked over by too many people do to it being a more sports related anime.

This time around, Link has to fight off the Twilight, basically kind of like another dimension, and eventually save Hyrule from the Evil wizard Zant. In order to accomplish this, Link morphs into a wolf form while in the Twilight, and has different tools at his disposal while in that form (seeing invisible things, digging a hole through a secret underground passage). He also comes across Midna, a girl from the Twilight who helps him in various ways such as portals, advice and teleporting objects to other places on the maps.

This game definitely follows the same style as the Nintendo 64 Zelda. It even has the Z-targeting the same as in Ocarina of Time (OoT), and you even visit certain places that you visited in OoT such as the Temple of Time. I did bother to look it up and according to the lore, Twilight Princess takes place hundreds of years after OoT – so there is a method to the madness.

The only thing I found disappointing about this game was that the bosses were all way too easy. Heck, the first boss of the game can’t even hit you if you stand far enough back, and yet you are able to hit it just fine from there. I don’t think there was one time in the entire game that I came even remotely close to dying on a boss – even on the final one.

In any case, the puzzles remain just as difficult and fun to figure out as they were in previous installments of the series – not too hard, not too easy. You also get weapons that are new to the Zelda series, such as a Ball and Chain – whihc let’s you smash huge boulders and ice, and the Spinner – which is a spinning top you ride that can ride along special pathways found on walls. I really liked the Spinner, although I felt it wasn’t used enough – you do fight a boss with it and that boss fight just seemed kinda epic.

Anyways, if you have not played this game yet, you should try it. It’s available for the GameCube as well as the Wii – although the Wii version should be much more fun since you get to swing the Wiimote in order to swing Link’s sword and the like. I wouldn’t say this is the best Zelda game ever, but it’s definitely in the top three.

On Saturday we decided to go talk to the furniture people about our couch. It has a stain and, since the furniture people cannot get it out and we had bought the warranty on it, they owe us a new couch. They had sent out a Stanley Steamer truck that morning and even those guys couldn’t get it out. We had got the fabric protector stuff applied, so supposedly any stain should have come out of the couch – however we didn’t think it “really” got applied. Since I get a brand new couch after two years though – not like I care. Anyways, we talked to them for a bit (have to go back in a few weeks to buy a new one) and then headed over to Bubbalou’s Bodacious BBQ – undoubtedly the best BBQ joint in town (and from what Dad says – one of the best places he’s ever been to – and he’s been to a lot of BBQ joints). The boys like it there – it has a little train that goes around a track on the ceiling, so they like to look at that.

Next we went to Best Buy and looked at the TV’s and netbook computers. My wife is thinking about getting a netbook just because 1) they are cheap 2) The are extremely portable 3) she wants to get rid of her computer so she can move my PC into our bedroom in it’s place. We looked at the new OLED TV’s. At 3mm thick, it was like looking at a pane of glass – quite impressive (and equally expensive). They also had some surround sound speakers – two speakers @ $1,299 a piece – insane!

For our last stop we went to a plant nursery and butterfly garden. It was REALLY nice and all the plants looked very healthy. We wound up staying there for a couple hours while we browsed the selection. We got some flowers to make a little garden (where no sun shines in our yard in a certain corner) and some sod. Let me tell you – the Home Depot sod is like garbage compared to this stuff. Home Depot charges $5.00 for a 2 x 1 foot piece, whereas this place charge $1.39 for the same size. The Home depot grass is normally half dead as well – this stuff looked like they had just plucked it from the greenest field you ever saw like 5 minutes ago. We took all the items home and planted them all – Ethan had a fun time digging with the rake and shovel as it was something he had been looking forward to for a while. We rounded off the day with another trip to the pool where Ethan did even better than the day before.

On Sunday we went to Toys-R-Us and purchased a 6 foot around hard plastic swimming pool. I had to tie it to the roof rack (lucky thing I keep rope in my car!) and, after having to stop once to “enhance my rope placement”, we managed to get it home. We had a picnic in the back with some Publix subs and fried chicken we had bought on the way home. Logan went down for a nap, but Ethan was excited to go play in his pool. We filled it up and he had fun going down the slide that was built into the pool. After about an hour we got Logan up and tried to get him into the pool. He wasn’t into it much though as the water was too cold for him. Eventually we dumped about 15 gallons of nearly boiling water into the pool and, although that made it about normal temperature, we still could not get him in. We went ahead and put Madelyn into the pool to see how she would like it and she splashed a little before we had to get her out (Ethan was treating the pool more like a “wave pool”. Logan must have decided not to be shown up by his baby sister after that though cause he jumped right in.

All in all we probably stayed out there for like 3-4 hours; the was just a beautiful day and it felt so nice to just sit there and soak up the sun – I even dozed off a couple times heh.

It was just a perfect weekend really, and the weather just couldn’t have been any nicer. I did feel a little sad at the end of the weekend though because I just kept thinking about how the boys were growing up and how in a few years they just wouldn’t be content to just play with a pool for so many hours – no matter how big or how many “cool features” the pool had. Ah, life goes by so fast; babies grow up so quick.

I haven’t told my parents yet, not sure how I’m going to phrase it yet. I mean, they like to see the kids and all – so it will be hard for them, but I know that this is the right move for us, so I’m sure somehow I can get them to understand.

I guess what I’m really the most excited about with moving there is how much cheaper stuff will be. I mean – jeans? $10. Shoes? $4 I love deals and all so just thinking about all the stuff I can get so cheap makes me kind of happy. Also games and anime are so much more readily available there.

The boys are pretty excited about it already. I told Ethan that he is going to get to see lots if trains that go really fast, so he is pretty excited about it.

Anyways, the decision has been made – I’ll post more details about it later, but for now I just thought this would be a good place to announce it since I know many of my friends read this blog.

Talk to you later! Or should I say… Jaa Ne!

After all the background checks, interviews and testing were done, there were 3 finalists; Two men and a woman.

For the final test, the FBI agents took one of the men to a large metal door and handed him a gun.

‘We must know that you will follow your instructions no matter what the circumstances.
Inside the room you will find your wife sitting in a chair .. . . Kill her!!’

The man said, ‘You can’t be serious. I could never shoot my wife.’

The agent said, ‘Then you’re not the right man for this job. Take your wife and go home.’

The second man was given the same instructions. He took the gun and went into the room. All was quiet for about 5 minutes.

The man came out with tears in his eyes, ‘I tried, but I can’t kill my wife.’ The agent said, ‘You don’t have what it takes. Take your wife and go home.’

Finally, it was the woman’s turn. She was given the same instructions, to kill her husband. She took the
Gun and went into the room. Shots were heard, one after another. They heard screaming, crashing, banging on the walls. After a few minutes, all was quiet. The door opened slowly and there stood the woman, wiping the sweat from her brow.

‘This gun is loaded with blanks’ she said. ‘I had to beat him to death with the chair.’

MORAL: Women are crazy. Don’t mess with them

1. Open only the RDP port open and forward connections coming to the WAN IP address on the dd-wrt to that port to my computer
2. Only allow connections from a specific IP address (my work).

In order to do this, you will need the following information

• Know the external IP address that you want to allow. A quick trip to whatismyip.org from your work computer will give you this if you don’t know it. I’ll also show below if you just want to allow ALL IP addresses.
• Know the internal IP address of your computer you want to RDP to. You can get this just by doing “ipconfig” on your home machine. Note that you pretty much have to set you computer to a static address on your dd-wrt. To do this if you haven’t already, do “ipconfig /all” and get the value for “Physical Address”. Now go to the dd-wrt Administration web site and go to the Administration tab, and then to the Services sub-tab. Under “Static Leases”, add a row and add the Physical Address you got from ipconfig. You will need to replace the dashes with colons ( : ). Add whatever you call your computer to the host name (this doesn’t really matter – you could put ‘computer’ in the box if you wanted). Now add the IP Address value you got from ipconfig in the IP Address box, then hit Save Settings at the bottom of the screen.

I knew that RDP is port 3389 by default on Windows (just an FYI – you can change this in the registry if you like). If you would like a different port, you can pretty much just google the program you are looking forward followed by the word “port” and you’ll surely find the ports you need.

First, you will need to get to the command window for the box. The easiest way to do this is by going to the dd-wrt administration web site, then going to the “Administration” tab, and click the “Commands” sub tab. DD-wrt uses linux, and therefore uses iptables for it’s firewall network packet filtering abilities. That being said, we just need to add some rules to the iptables to run on top of all the other filtering rules the box already has.

PLEASE note that there is a “backup” sub tab under the “Administration” tab as well. You may wish to backup your settings BEFORE applying this change – just in case you make a mistake or something

iptables -I PREROUTING -t nat -d $(nvram get wan_ipaddr) -p tcp --source WAN_IP --dport 3389 -j DNAT --to-destination LAN_IP
iptables -I FORWARD -d LAN_IP -p tcp --dport 3389 -j ACCEPT


where WAN_IP is the external IP of where you want to connect from (in my case, my work IP), and LAN_IP is the internal IP address of the computer you want to connect to (in my case, my home computer). I think most of this is self explanatory, but I’ll break it down a bit just so you can know what some of these parameters are doing.

• -I PREROUTING – this tells the the firewall network address translation (nat) routing to alter packets as soon as they come in. The -I says to insert the command to the rules for the firewall, adding it as the top rule (meaning it supersedes all other rules).
• -d $(nvram get wan_ipaddr) – this is a special command for the dd-wrt router, which tells the device to get the current WAN IP for the WAN port
• -j – this is a parameter for the commands, which tells the rule what to do if the rule matches the packet being examined.

Optionally, you can do multiple ports by removing the “–dport 3389″ and replacing it with a different command for multiple ports followed by a comma separated list. In example:

-m multiport --dports 3389,80

Also you can just remove the “–source WAN_IP” if you want to allow connections from any public IP (much less secure obviously).

Once your changes are in the box, hit the “Save Firewall” button, and this will save the commands into a custom script that will run every time the firewall is started on the dd-wrt router. Note that these commands should not be under the “Save Startup” custom script (it won’t hurt anything – but it doesn’t do anything either). If you ever want to change the commands, just hit the Edit button on the custom script for the firewall and modify it accordingly. You can even set the box to empty and hit save firewall again in order to delete your script.

That’s it! Hopefully in the future the dd-wrt firmware will include the ability to do 1:1 nat’s, but for now at least there is a work around.

]]> http://www.omegaprojex.com/index.php/2009/03/27/adding-one-to-one-nat-on-dd-wrt-for-a-specific-ip-address-to-forward-traffic-like-rdp/feed/ 2 http://www.omegaprojex.com/index.php/2009/03/20/the-things-kids-say/ http://www.omegaprojex.com/index.php/2009/03/20/the-things-kids-say/#comments Fri, 20 Mar 2009 14:32:34 +0000 ElementZero http://www.omegaprojex.com/?p=581 So Ethan had a question for Mariel this morning, apparently about growing up and what was going to happen to him in life in regards to a family and living with us. The conversation went something like this:

Ethan: Why is Maddie a girl like you?

Mariel: Cause she just is buddy.

Ethan: Is she a mommy like you?

Mariel: No, not yet, but she probably will be someday.

Ethan: Do I have to do what she says then?

Mariel: HUH?

Ethan: Yeah, when she starts being my mommy do i have to listen to her?

Mariel: No buddy, she won’t be your mommy…she’ll have her own family…just like you will

Ethan: Where will we live?

Mariel: I don’t know buddy…wherever you decide to live I guess.

Ethan: And you and daddy and logan and maddie and her babies will live with me?

Mariel: No bud, we’ll live somewhere else.

*Ethan puts a very sad and confused look on his face*

Mariel: Whats wrong E?

Ethan: I don’t ever wanna move away from you and daddy cause you’re the best mommy and daddy in the whooooollllleee world and if I move away from Logan I won’t have anyone to play with me and I”ll be soooooooooo sad



Anyways, figured I would put it here for posterity sake – since I figure in about 10 years he’ll be 13 and won’t want a thing to do with us anymore heh

]]> http://www.omegaprojex.com/index.php/2009/03/20/the-things-kids-say/feed/ 1 http://www.omegaprojex.com/index.php/2009/03/19/uninstalling-symantec-endpoint-protection-without-the-uninstall-password/ http://www.omegaprojex.com/index.php/2009/03/19/uninstalling-symantec-endpoint-protection-without-the-uninstall-password/#comments Thu, 19 Mar 2009 18:12:56 +0000 ElementZero http://www.omegaprojex.com/?p=575 In a previous post, I talked about removing Symantec Endpoint Protection from your corporate network via a vbscript that ran through Group Policy. I had a problem though where I had uninstalled the program from all my computers, but I had it running on one server also.

As I went to uninstall it from the server, it asked me for the uninstall password. At this point, I had already removed the Symantec Endpoint Protection server as well, so setting the uninstall password was not possible. Although I knew what the uninstall password was, it occured to me that what would I do if I had not known it? After searching around a bit – I found the solution.

First, go ahead and uninstall Symantec Endpoint Protection via the Add/Remove Programs. When the Uninstall password box comes up, right click on your task bar and open “Task Manager”. Go to the processes tab and look for msiexec.exe. There is probably more than one of them – one of them is for the password box. Just go ahead and pick one, and hopefully it will be for the password box (if not just reatrt the uninstall process). Once you kill the password box, the uninstall will continue as normal.

Of course, one wonders how “secure” the uninstall password really is since it can be “hacked” so easily.

]]> http://www.omegaprojex.com/index.php/2009/03/19/uninstalling-symantec-endpoint-protection-without-the-uninstall-password/feed/ 1