Stoppt die Vorratsdatenspeicherung! Jetzt klicken & handeln!Willst du auch bei der Aktion teilnehmen? Hier findest du alle relevanten Infos und Materialien:

six demon bag

Wind, fire, all that kind of thing!


Reset VSS Writers

VSS writers are application-specific components for Microsoft's Volume Shadow Copy Service, which ensure the consistency of application data when a shadow copy is created. That's quite useful for creating consistent backups of a system. However, some of these writers go into error states more or less frequently. And Microsoft did not deem it necessary to document how to reset writers without rebooting the entire system (or at least I didn't manage to find that piece of information).

See more ...

Posted 12:10 [permalink]


Transfer Active Directory Site Subnets

A while ago I had to take a couple hundred subnets (don't ask) of an Active Directory site in one domain and re-create them in another domain. Doing that manually would've been a real pain. But if you export the subnets to a file the list can easily be transferred to the other domain and imported there.

See more ...

Posted 17:42 [permalink]


Adding Group Members Across Domains

Normally when you add a member to an Active Directory group you'll simply use the Add-GroupMember cmdlet from the ActiveDirectory module. Except when you have to do it across domains/forests where the source domain is still running Windows Server 2008 (not R2). As in "no AD PowerShell cmdlets" and "no Active Directory Web Service (ADWS)". *sigh*

See more ...

Posted 18:25 [permalink]


PowerShell Execution Policy Scopes

Sometimes when you try to change the PowerShell execution policy you'll get an error message that the setting was applied, but will be overridden by a setting in another scope:

Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by a policy defined at a more specific scope. Due to the override, your shell will retain its current effective execution policy of XXX. …

Execution policies can be defined in five different scopes, from LocalMachine (least specific) to MachinePolicy (most specific), where settings in more specific scopes take precedence over settings in less specific scopes. Use Get-ExecutionPolicy -List to see which scope has which setting.

See more ...

Posted 22:46 [permalink]


Domain Password Change in Remote Desktop Sessions

At work we're connecting to customer systems through a jump station. This creates the problem that for domain password changes on the customer systems I can't open the Windows Security dialog/screen via either Ctrl-Alt-Del (shows the one on the local computer) or Ctrl-Alt-End (shows the one on the jump station).

See more ...

Posted 23:14 [permalink]


Some Useful DFS Commands

List DFS replication groups:

dfsradmin rg list

List replicated folders in a replication group:

dfsradmin rf list /rgname:<REPL_GROUP>

See more ...

Posted 15:16 [permalink]


Import other script files in VBScript

The VBScript language doesn't provide a feature for including other code files, so you can't easily build and import code libraries. However, the missing feature can be emulated using the ExecuteGlobal statement in a custom Import procedure.

See more ...

Posted 14:00 [permalink]


TSM BA Client 6.4 on Debian

Although IBM doesn't officially support its TSM client on Linux distributions other than SLES and RHEL the client works quite nicely on Debian. With version 6.4 you need at least the following 4 packages on AMD64 systems:

  • TIVsm-BA
  • TIVsm-API64
  • gskcrypt64
  • gskssl64

See more ...

Posted 00:46 [permalink]


Creating blank VMs for PXE boot

For a customer project I had to create a couple dozen virtual machines on our Hyper-V cluster. The machines were to be installed via a 3rd party software deployment system (the customer doesn't use SCCM), so I had to assign static MAC addresses and enable PXE boot. The respective reservations on the DHCP server had to be created from the MAC addresses in a second step, because the customer domain is separated from the infrastructure domain.

See more ...

Posted 11:09 [permalink]


Importing VMs From external Hyper-V Hosts

I've been working on a project where I needed to migrate (clone actually, in order to maintain a fallback scenario) virtual machines from external (standalone) Hyper-V hosts to a Hyper-V cluster. The external hypervisors were not members of the same domain as the cluster nodes. The networks were separated by a firewall. A trust relationship between the domains was not desired.

System Center Virtual Machine Manager 2012 (SCVMM) supports this scenario, but there are several steps that must be performed to prepare for the migration.

See more ...

Posted 20:03 [permalink]


Active Directory Documentation

When you inherit an existing (usually home-grown) Active Directory, it can be a real pain to figure out how the thing was actually configured by the previous admin(s). In a situation like that it's kinda nice to have a tool at hand that'll do the dirty work for you.

Of course there's pay-ware like ADscribe, but personally I find $99 kinda expensive for something you're going to use every other decade (or so). Microsoft's own Active Directory Topology Diagrammer is freeware (well, sort of, since it requires Visio), but it has to be installed, and the results weren't that convincing when I tried to run it from outside the target domain.

See more ...

Posted 21:37 [permalink]


Backscatter protection

What is backscatter?

When mail servers accept mail and later discover that for some reason they are unable to actually deliver it, RFC 821 specifies that a Non-Delivery Notification (NDN, also known as "bounce") must be sent to the originator of the mail.

However, the "From" address can be spoofed most easily, so there is no guarantee whatsoever that the mail actually originated from that address. In case of a spoofed address, the NDN will be sent to someone who hadn't sent the original mail to begin with. These bounces going back to someone else but the original sender are called "backscatter".

Why is that a problem?

Because spammers tend to send their bulk e-mails to anything that looks even remotely like an e-mail address, the "To" addresses usually include lots of invalid addresses. Therefore spam-runs can cause massive waves of backscatter flooding the mailboxes of those people whose addresses were spoofed in the "From" field. However, it's not sensible to simply block all incoming bounces, because there are legitimate bounces as well.

See more ...

Posted 22:41 [permalink]