six demon bag

Wind, fire, all that kind of thing!

2020-10-05

Registration Blocker 1.4.0 released

A short while ago I forked the Registration Blocker plugin for Question2Answer, since it apparently has been abandoned by the original developer, and I needed some additional features.

Today I'm releasing my updated version of the plugin, which adds the following features:

See more ...

Posted 20:10 [permalink]

2019-11-13

Catching Exceptions in PowerShell Default Output Formatting

Yesterday I came across a question on StackOverflow that turned out to be rather interesting. The person asking the question used code similar to the below snippet for validating user credentials:

$user = 'user'
$pass = 'pass'
$path = 'LDAP://' + ([ADSI]'').DistinguishedName

New-Object DirectoryServices.DirectoryEntry ($path, $user, $pass)

which produces errors like this when the computer is not a member of a domain:

See more ...

Posted 20:46 [permalink]

2017-04-01

Reset VSS Writers

VSS writers are application-specific components for Microsoft's Volume Shadow Copy Service, which ensure the consistency of application data when a shadow copy is created. That's quite useful for creating consistent backups of a system. However, some of these writers go into error states more or less frequently. And Microsoft did not deem it necessary to document how to reset writers without rebooting the entire system (or at least I didn't manage to find that piece of information).

See more ...

Posted 16:19 [permalink]

2015-03-12

Transfer Active Directory Site Subnets

A while ago I had to take a couple hundred subnets (don't ask) of an Active Directory site in one domain and re-create them in another domain. Doing that manually would've been a real pain. But if you export the subnets to a file the list can easily be transferred to the other domain and imported there.

See more ...

Posted 17:42 [permalink]

2015-01-18

Adding Group Members Across Domains

Normally when you add a member to an Active Directory group you'll simply use the Add-ADGroupMember cmdlet from the ActiveDirectory module. Except when you have to do it across domains/forests where the source domain is still running Windows Server 2008 (not R2). As in "no AD PowerShell cmdlets" and "no Active Directory Web Service (ADWS)". *sigh*

See more ...

Posted 18:25 [permalink]

2015-01-05

PowerShell Execution Policy Scopes

Sometimes when you try to change the PowerShell execution policy you'll get an error message that the setting was applied, but will be overridden by a setting in another scope:

Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope. Due to the override, your shell will retain its current effective execution policy of XXX. …

Execution policies can be defined in five different scopes, from LocalMachine (least specific) to MachinePolicy (most specific), where settings in more specific scopes take precedence over settings in less specific scopes. Use Get-ExecutionPolicy -List to see which scope has which setting.

See more ...

Posted 22:46 [permalink]

2014-06-04

Domain Password Change in Remote Desktop Sessions

At work we're connecting to customer systems through a jump station. This creates the problem that for domain password changes on the customer systems I can't open the Windows Security dialog/screen via either Ctrl+Alt+Del (shows the one on the local computer) or Ctrl+Alt+End (shows the one on the jump station).

See more ...

Posted 23:14 [permalink]

2013-12-11

Some Useful DFS Commands

List DFS replication groups:

dfsradmin rg list

List replicated folders in a replication group:

dfsradmin rf list /rgname:<REPL_GROUP>

See more ...

Posted 15:16 [permalink]

2013-08-27

Import other script files in VBScript

The VBScript language doesn't provide a feature for including other code files, so you can't easily build and import code libraries. However, the missing feature can be emulated using the ExecuteGlobal statement in a custom Import procedure.

See more ...

Posted 14:00 [permalink]

2013-03-12

TSM BA Client 6.4 on Debian

Although IBM doesn't officially support its TSM client on Linux distributions other than SLES and RHEL, the client works quite nicely on Debian. With version 6.4 you need at least the following 4 packages on AMD64 systems:

  • TIVsm-BA
  • TIVsm-API64
  • gskcrypt64
  • gskssl64

See more ...

Posted 00:46 [permalink]

2013-01-28

Creating blank VMs for PXE boot

For a customer project I had to create a couple dozen virtual machines on our Hyper-V cluster. The machines were to be installed via a 3rd party software deployment system (the customer doesn't use SCCM), so I had to assign static MAC addresses and enable PXE boot. The respective reservations on the DHCP server had to be created from the MAC addresses in a second step, because the customer domain is separated from the infrastructure domain.

See more ...

Posted 11:09 [permalink]

2012-11-17

Importing VMs From external Hyper-V Hosts

I've been working on a project where I needed to migrate (clone actually, in order to maintain a fallback scenario) virtual machines from external (standalone) Hyper-V hosts to a Hyper-V cluster. The external hypervisors were not members of the same domain as the cluster nodes. The networks were separated by a firewall. A trust relationship between the domains was not desired.

System Center Virtual Machine Manager 2012 (SCVMM) supports this scenario, but there are several steps that must be performed to prepare for the migration.

See more ...

Posted 20:03 [permalink]

2010-06-14

Active Directory Documentation

When you inherit an existing (usually home-grown) Active Directory, it can be a real pain to figure out how the thing was actually configured by the previous admin(s). In a situation like that it's kinda nice to have a tool at hand that'll do the dirty work for you.

Of course there's pay-ware like ADscribe, but personally I find $99 kinda expensive for something you're going to use every other decade (or so). Microsoft's own Active Directory Topology Diagrammer is freeware (well, sort of, since it requires Visio), but it has to be installed, and the results weren't that convincing when I tried to run it from outside the target domain.

See more ...

Posted 21:37 [permalink]

2010-05-30

Backscatter protection

What is backscatter?

When mail servers accept mail and later discover that for some reason they are unable to actually deliver it, RFC 821 specifies that a Non-Delivery Notification (NDN, also known as "bounce") must be sent to the originator of the mail.

However, the "From" address is very easy to spoof, so there is no guarantee whatsoever that the mail actually originated from that address. In case of a spoofed address, the NDN will be sent to someone who never sent the original mail to begin with. These bounces going back to someone other than the original sender are called "backscatter".

Why is that a problem?

Because spammers tend to send their bulk e-mails to anything that looks even remotely like an e-mail address, the "To" addresses usually include lots of invalid addresses. Therefore spam-runs can cause massive waves of backscatter flooding the mailboxes of those people whose addresses were spoofed in the "From" field. However, it's not sensible to simply block all incoming bounces, because there are legitimate bounces as well.

See more ...

Posted 22:41 [permalink]