six demon bag

Wind, fire, all that kind of thing!

2013-04-03

Attach to Internet Explorer

Internet Explorer exposes a COM object that can be controlled programmatically e.g. from a VBScript. The usual way is to create a new Internet Explorer instance and work with that:

 Set ie = CreateObject("InternetExplorer.Application")

However, sometimes you may want to use an already running instance instead of creating a new one.

Posted 20:59 [permalink]

2013-03-12

Although IBM doesn't officially support its TSM client on Linux distributions other than SLES and RHEL the client works quite nicely on Debian. With version 6.4 you need at least the following 4 packages on AMD64 systems:

TIVsm-BA
TIVsm-API64
gskcrypt64
gskssl64

Posted 00:46 [permalink]

2013-03-09

Features on Demand in Server 2012

Back in the days of Windows 2000 Server and Windows Server 2003 it was common practice to copy the i386 folder from the CD to the server and change the SourcePath registry value, so you wouldn't have to shuffle installation media around for adding/removing Windows features. With the advent of Windows Vista and Server 2008 Microsoft introduced the component store. Now all Windows features were put on disk by default and simply had to be activated/deactivated. That increased the size of a Windows installation by factor 3-4, but on the other hand disk space had become rather inexpensive, so it wasn't that big a deal. And although the component store can be a little fragile at times it usually works quite well.

So far, so good. But what happened now with the release of Windows 8 and Server 2012? Someone at Microsoft decided that the component store took up too much space, so they introduced a new concept called "Features on Demand", which simply means that administrators can free disk space by removing components from the store. The .Net Framework 3.5 for instance was removed by default.

This is not a bad thing per se. However, the removed framework still shows up as an installable feature (e.g. in Server Manager), only now you're prompted for an alternate source path when you choose to install the framework. So what we have now is that the component store still eats up disk space (I didn't notice any significant reduction in used disk space) and we're back to either shuffling installation media around or copying sources to the local harddisk (eating up even more disk space).

Srsly, Microsoft?

Posted 15:06 [permalink]

2013-02-07

Auditing Windows File ACLs

Sometimes you run into a situation where you need to determine the permissions on some directory tree. Be it to document or clean up permissions on the subdirectories of a share, to troubleshoot permission issues due to deleted accounts or groups, or whatever. Manually analyzing permissions is quite tedious, even when using standard tools like cacls or xcacls. The output of XCACLS.vbs isn't any better, but since it's a script, I considered modifying it to suit my needs … until I took an actual look at the script. I abondoned the thought afterwards.

Posted 20:14 [permalink]

2013-01-28

Creating blank VMs for PXE boot

For a customer project I had to create a couple dozen virtual machines on our Hyper-V cluster. The machines were to be installed via a 3rd party software deployment system (the customer doesn't use SCCM), so I had to assign static MAC addresses and enable PXE boot. The respective reservations on the DHCP server had to be created from the MAC addresses in a second step, because the customer domain is separated from the infrastructure domain.

Posted 11:09 [permalink]

2012-11-17

Importing VMs From external Hyper-V Hosts

I've been working on a project where I needed to migrate (clone actually, in order to maintain a fallback scenario) virtual machines from external (standalone) Hyper-V hosts to a Hyper-V cluster. The external hypervisors were not members of the same domain as the cluster nodes. The networks were separated by a firewall. A trust relationship between the domains was not desired.

System Center Virtual Machine Manager 2012 (SCVMM) supports this scenario, but there are several steps that must be performed to prepare for the migration.

Posted 20:03 [permalink]

2012-11-16

Loop-mount VirtualBox Disk Images

On Linux you can mount disk images via loopback devices. Partitions inside disk images can be made accessible via kpartx from the multipath-tools. Unfortunately this does not work for VirtualBox disk images (.vdi). It's possible to loop-mount those disk images as network block devices, though.

Posted 01:53 [permalink]

2012-10-29

A Wrapper Class for Active Directory Queries

Tired of writing the same boilerplate code for querying objects from Active Directory over and over again? So am I. Thus I wrote ADQuery, a class that wraps the initialization of the required objects, sets some default values and also provides properties to allow for adjusting the usual parameters as the situation requires. See API documentation for details.

Posted 19:49 [permalink]

2012-10-03

VBSdoc - A VBScript API Documentation Generator

API documentation is nice, and being able to generate it from the code is even nicer. However, unlike Perl, Python, Java, or several other languages, VBScript doesn't have a feature or tool that supports this. Which kinda sucks.

I tried VBDOX, but didn't find usability or results too convincing. I also tried doxygen by adapting Basti Grembowietz' Visual Basic doxygen filter. However, doxygen does a lot of things I don't actually need, and I didn't manage to make it do some of the things I do need. Thus I ended up writing my own VBScript documentation generator.

Posted 22:54 [permalink]

2012-08-29

Linker Errors When Building Xlock on Debian

When building xlockmore (version 5.39) on one of my Debian boxes I encountered two linker issues, one with libxext, the other with libcrypt. Both issues persisted even after running configure with the --without-ext and --without-crypt options. WTF?! Why would anyone with at least half a brain provide --without-FEATURE options for apparently required features?

Posted 02:03 [permalink]

2012-08-11

Reset VSS Writers

VSS writers are application-specific components for Microsoft's Volume Shadow Copy Service, which ensure the consistency of application data when a shadow copy is created. That's quite useful for creating consistent backups of a system. However, some of these writers go into error states more or less frequently. And Microsoft did not deem it necessary to document how to reset writers without rebooting the entire system (or at least I didn't manage to find that piece of information).

Posted 22:06 [permalink]

2011-09-17

Interactive VBScript Shell

Python's interactive mode is very convenient, because you can try simple stuff without having to write it to a script first. Since I have to do a lot of VBScript lately, I wanted to have something like that for VBScript, too.

I found this blog post that has almost exactly what I wanted, except for line continuation. Which is what I added (for my own convenience). You can download the modified script here.

Update: Added an Import() procedure for loading/executing additional code from other VBScript files.

Update: vbsh can now be customized with an optional init script %USERPROFILE%\init.vbs.

Posted 18:11 [permalink]

2011-03-13

A Logger Class for VBScript

I got tired of having to re-implement logging routines for my VBScripts on a regular basis, so I wrote a logger class that serves as an abstraction layer for logging to interactive console/desktop, files or eventlog. Now I just instantiate a new logger, define the logging facilities (default is console/desktop for interactive, eventlog for non-interactive execution), and can log away with the same set of methods, regardless of log target. See API documentation for details.

Posted 22:10 [permalink]

2011-02-16

Function for Reading INI Files

I wanted to be able to use INI files as configuration files for my VBScripts, so I wrote ParseIni() to parse the contents of an INI file into a dictionary of dictionaries. Comments are allowed and must begin with a semicolon. As of yet, any semicolon is treated as the beginning of a comment, so neither section titles nor key/value pairs can contain semicolons. I'll probably add a more sophisticated comment handling at some point, but right now this works well enough for me.

As usual the function can be used by either copy/pasting the code or by importing the file.

Posted 20:43 [permalink]

2011-01-13

Function for Inspecting (not only) Dictionary-based Data Structures

Dictionary-based data structures are quite handy in various situations. However, when the structures grow, they tend to become messy pretty fast. To deal with this issue I wrote a function DumpData() to inspect a given variable and return a string representation of its data. It can be used either by copy/pasting the code or by importing the script.

DumpData() was inspired by Perl's Data::Dumper module, although my little function is far less sophisticated. Just in case you were wondering.

Posted 14:15 [permalink]

2011-01-02

A Wrapper Class for VBScript Arrays

Although VBScript does support arrays, their handling leaves a lot to be desired. To deal with the shortcomings of the built-in arrays (or rather, to avoid having to deal with them) I wrote CArray, a wrapper class that provides operations like inserting, appending and removing elements, getting slices (sub-arrays), sorting, etc.

Posted 03:23 [permalink]

2010-06-14

Active Directory Documentation

When you inherit an existing (usually home-grown) Active Directory, it can be a real pain to figure out how the thing was actually configured by the previous admin(s). In a situation like that it's kinda nice to have a tool at hand that'll do the dirty work for you.

Of course there's pay-ware like ADscribe, but personally I find $99 kinda expensive for something you're going to use every other decade (or so). Microsoft's own Active Directory Topology Diagrammer is freeware (well, sort of, since it requires Visio), but it has to be installed, and the results weren't that convincing when I tried to run it from outside the target domain.

Posted 21:37 [permalink]

2010-05-30

Backscatter protection

What is backscatter?

When mail servers accept mail and later discover that for some reason they are unable to actually deliver it, RFC 821 specifies that a Non-Delivery Notification (NDN, also known as "bounce") must be sent to the originator of the mail.

However, the "From" address can be spoofed most easily, so there is no guarantee whatsoever that the mail actually originated from that address. In case of a spoofed address, the NDN will be sent to someone who hadn't sent the original mail to begin with. These bounces going back to someone else but the original sender are called "backscatter".

Why is that a problem?

Because spammers tend to send their bulk e-mails to anything that looks even remotely like an e-mail address, the "To" addresses usually include lots of invalid addresses. Therefore spam-runs can cause massive waves of backscatter flooding the mailboxes of those people whose addresses were spoofed in the "From" field. However, it's not sensible to simply block all incoming bounces, because there are legitimate bounces as well.

Posted 22:41 [permalink]

2009-04-26

Patch for `kh2reg.py`

On Linux you can simply store a server's public key in your known_hosts file to avoid being prompted for host key verification. However, PuTTY stores server public keys in a different format, so you can't simply import a public key into the Windows registry and be done with it. You can convert known_hosts files to .reg file format with this script from the PuTTY homepage, but unfortunately the script doesn't account for entries that use a non-default port:

[a.b.c.d]:2222 ssh-rsa AAAA...

This patch fixes the issue. You can also download an already patched version of the script.

Update: The official version of kh2reg.py has been updated.

Posted 22:00 [permalink]

2009-01-29

Mail Encryption Proxy

A quick & dirty Perl script written by Alexander Bernauer and myself, because we needed our ticket system to be able to send encrypted mail.

Posted 17:13 [permalink]