six demon bag
Wind, fire, all that kind of thing!
On one of my servers a query for DB2 backups in TSM (
db2adutl query full db DBNAME) failed with the following error:
Error: Initialize environment failed with TSM return code 106
dsmrc.h return code 106 indicates a permission problem:
#define DSM_RC_ACCESS_DENIED 106 /* denied due to improper permission */
which was weird, since the user in question is a member of the DB2ADMNS group that is supposed to have all required permissions.
Posted 23:40 [permalink]
Normally when you add a member to an Active Directory group you'll simply use the
Add-GroupMember cmdlet from the
ActiveDirectory module. Except when you have to do it across domains/forests where the source domain is still running Windows Server 2008 (not R2). As in "no AD PowerShell cmdlets" and "no Active Directory Web Service (ADWS)". *sigh*
Posted 18:25 [permalink]
Sometimes when you try to change the PowerShell execution policy you'll get an error message that the setting was applied, but will be overridden by a setting in another scope:
Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope. Due to the override, your shell will retain its current effective execution policy of XXX. …
Execution policies can be defined in five different scopes, from
LocalMachine (least specific) to
MachinePolicy (most specific), where settings in more specific scopes take precedence over settings in less specific scopes. Use
Get-ExecutionPolicy -List to see which scope has which setting.
Posted 22:46 [permalink]
As a system administrator you're sometimes tasked with finding out who the last person logged into a particular computer was, or when a particular person was last logged in on some computer(s).
Windows records this information in the Security eventlog when you enable auditing account logon events.
Posted 16:03 [permalink]
List DFS replication groups:
dfsradmin rg list
List replicated folders in a replication group:
dfsradmin rf list /rgname:<REPL_GROUP>
Posted 15:16 [permalink]
Sometimes you run into a situation where you need to determine the permissions on some directory tree. Be it to document or clean up permissions on the subdirectories of a share, to troubleshoot permission issues due to deleted accounts or groups, or whatever. Manually analyzing permissions is quite tedious, even when using standard tools like
xcacls. The output of
XCACLS.vbs isn't any better, but since it's a script, I considered modifying it to suit my needs … until I took an actual look at the script. I abondoned the thought afterwards.
Posted 20:14 [permalink]
I've been working on a project where I needed to migrate (clone actually, in order to maintain a fallback scenario) virtual machines from external (standalone) Hyper-V hosts to a Hyper-V cluster. The external hypervisors were not members of the same domain as the cluster nodes. The networks were separated by a firewall. A trust relationship between the domains was not desired.
System Center Virtual Machine Manager 2012 (SCVMM) supports this scenario, but there are several steps that must be performed to prepare for the migration.
Posted 20:03 [permalink]
What is backscatter?
When mail servers accept mail and later discover that for some reason they are unable to actually deliver it, RFC 821 specifies that a Non-Delivery Notification (NDN, also known as "bounce") must be sent to the originator of the mail.
However, the "From" address can be spoofed most easily, so there is no guarantee whatsoever that the mail actually originated from that address. In case of a spoofed address, the NDN will be sent to someone who hadn't sent the original mail to begin with. These bounces going back to someone else but the original sender are called "backscatter".
Why is that a problem?
Because spammers tend to send their bulk e-mails to anything that looks even remotely like an e-mail address, the "To" addresses usually include lots of invalid addresses. Therefore spam-runs can cause massive waves of backscatter flooding the mailboxes of those people whose addresses were spoofed in the "From" field. However, it's not sensible to simply block all incoming bounces, because there are legitimate bounces as well.
Posted 22:41 [permalink]
Back in college, one of my software engineering classes was a project to develop a simple 3D engine without resorting to existing 3D routines. The implementation of my group was done in Java, because that way it was rather easy to implement the GUI, and the requirements were simple enough to be met by contemporary hardware. It's probably not really helpful to anyone, but it was fun to do, so I'm posting it anyway.
Posted 18:47 [permalink]