Quantcast
Channel: a sysadmin'z hard dayz
Viewing all 91 articles
Browse latest View live

XenServer PCI Passthrough

$
0
0
You should have heard about SR-IOV or PCI passthrough. Everything has been said about these technologies so nothing new here. This is just a simple bookmark, or, if you will, yet another copy-paste.

Xen PCI Passthrough

PCI passthrough allows you to give control of physical devices to guests: that is, you can use PCI passthrough to assign a PCI device (NIC, disk controller, HBA, USB controller, firewire controller, soundcard, etc) to a virtual machine guest, giving it full and direct access to the PCI device.
This has several potential uses, including the following:
  • One of the major overheads of virtual networking is the unavoidable overhead of copying; passing through a network card directly completely avoids this overhead.
  • Passing through graphics cards to guests allows them full access to the 3D acceleration capabilities. This can be useful not only for desktops, but also to enable Virtual Desktops for high-end CAD users, for example.
  • You can set up a Driver Domain, which can increase both security and reliability of your system. 
Pic taken from Red Hat
The whole article is at Xen wiki

IPSET for heavy use

$
0
0
What is ipset?
According to the official page: "IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel, which can be administered by the ipset utility. Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set."
It's worth mentioning that this cool tool is mainly written by Jozsef Kadlecsik who is from Hungary.
Why and when to use ipset?
If you have plenty of IP rules in your iptables and their number is growing, one day you are going to experience a heavy performance drop. In practice if you have more than ca. ~1000-1500 rules you should worry about this. Anyway, it's more neater to use ipset above dozens of sets.
How does it work? 
You don't have to know and don't want to know. It's enough to know that it generates hashes from the rules and flipping thru these hashes is so efficient that it doesn't matter how many rules you have, the fastness of searching the whole set remains almost the same.
How to use?
For beginners
 
Assuming you have a modern .deb based distro, here are some simple steps.
apt-get update
apt-get install ipset

ipset create SET1 hash:net (for example)

ipset add SET1 91.83.231.25 (for example)
ipset add SET1 80.249.172.0/24 (for example)
iptables -I INPUT -m set --match-set SET1 src -j DROP (to drop all matching packets)
To save all your sets:
ipset save > backupfile
To delete:
ipset del SET1 91.83.231.25 - deletes a single line from a set
ipset flush SET1 - deletes a whole set
ipset destroy - deletes all the sets
BEFORE deleting a set you should delete the links in your iptables pointing to your set, e.g.
iptables -D INPUT -m set --match-set SET1 src -j DROP
To see your sets in different ways:
ipset -n list
ipset -t list
ipset list

To check if an IP address exists in a set:
ipset test 10.10.10.10

To restore your sets (assuming that sets in the file don't exist already)
ipset restore < mybackupfile

Some tricks

To create a new ruleset being the type of hash (thats the type because you want ipset, more info here), append some addresses to it and deny them based on the source IP address.
ipset -N set2 hash
ipset -A set2 10.10.10.0/24
ipset -A set2 80.249.172.62
iptables -A INPUT -m set --myset set2 src -j DROP
To fast delete a rule (don't forget to delete the relevant iptables rule before)
ipset -F set2
ipset -X set2 
or simply:
ipset f  
ipset x
To auto-deny a host that wants to connect to your SSH port is so simple that:
ipset -N denied hash
iptables -A INPUT -p tcp --dport 22 -j SET --add-set
denied src
iptables -A INPUT -m set --set
denied src -j DROP

To block IP addresses based on geo location (country) here is a simple shellscript:
#!/bin/sh
ipset -N geoblock nethash
for IP in $(wget -O – http://www.ipdeny.com/ipblocks/data/countries/{cn,kr,pk,tw,sg,hk,pe}.zone)
do
ipset -A geoblock $IP
done

iptables -A INPUT -m set –set geoblock src -j DROP

More advanced WAN/LAN/DMZ firewall example

We define our client (source) IPs and ports they want to communicate to. We define our server IP address and ports. We allow established tcp sessions. Here, things are getting interesting.
We allow all packets coming in my external (internet) interface heading towards to my dmz server ip address and ports. (see dst,dst. That means destination IPANDdestination port. (Here HTTP and HTTPS and udp only DNS)
Then we allow our LAN clients to access the internet web based on src,dst. (source IP address and destination port). In our case, anyone in the LAN can browse the web but only 192.168.0.10 can use https.
In the last line we allow our trusted administrator to connect to tcp ports 22020 to 22022 anywhere in our system.
ipset n myservers hash:ip,port
ipset n lanusers hash:ip,port
ipset n remoteadmin hash:ip,port
ipset a dmzservers 195.195.195.195,http
ipset a dmzservers 195.195.195.195,https
ipset a dmzservers 195.195.195.195,udp:53
ipset a lanusers 192.168.0.0/24,http
ipset a lanusers 192.168.0.10,https
ipset a remoteadmin 82.112.112.112,tcp:22020-22022
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $EXTERNAL -m set --match-set dmzservers dst,dst -m state --state NEW -j ACCEPT 
iptables -A FORWARD -i $INTERNAL -m set --match-set lanusers src,dst -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $EXTERNAL -m set --match-set remoteadmin src,dst -m state --state NEW -j ACCEPT

Exchange 2010 mailbox restore

$
0
0
Let's say you have a user who has accidentally deleted all her emails and you have no other way (but you should!) to restore them. Luckily enough, you have a full Exchange backup made by Windows Server Backup. Here is the fastest way:
1. Create C:\MyRec
2. Start WSB Recovery Wizard, select "Applications", "Exchange", select your relevant Exch backup and "Restore to other location" -> C:\MyRec
3. Navigate to your C:\MyRec\[..recovered folder..]\ mailbox folder, start an elevated command prompt and type eseutil /MH "Mailbox Database [numbers].edb"
3.a: If you  see a line "State: Dirty Shutdown" you have to do a eseutil /R E00 /i /d being in the mailbox directory above.
3.b: Do a eseutil /MH ... again and if you get a "State: Clean Shutdown" you are out of the water.
4. Unfortunately, you have to create a dedicated Recovery Database: Start an Exchange Management Shell and run: New-MailboxDatabase –Recovery –Name MyRecDB –Server MyTestServer –EDBFilePath C:\MyRec\[..recovered folder...]\"Mailbox Database [numbers].edb" –LogFolderPath C:\MyRec\[...recovered folder..]\
5: Bring online the new database with the GUI (Exchange Management Console): In the tree open Organization Configuration/Mailbox. You should see MyRecDB here with dismounted status. Mount it.


6. In the Exchange Shell, type: GetMailboxStatistics -Database -MyRecDB
7: Check if your username apears
8. Type: RestoreMailbox -Identity "Your username here from the list" -RecoveryDatabase MyRecDB and type Yes
9. Mailbox content of your user has been recovered into the root of her original mailbox. Problem solved. 

PS: I noticed that someone already made a more decent blog about this issue. I find it ubercool so you definitely want to check it out.
PS2: Get email level recovery (PST) advice here.


The Big Camera Video Comparison Test

$
0
0
I've been looking for a new camera for a long time. I'm unsure what I want but its video capabilities has to be outstanding. I need the best Full HD video quality at the lowest price. Of course, I'm also very picky about photo quality being an experienced photographer. In addition, it has to to have at least 5x optical zoom. I don't need GPS and Wi-Fi but could make use of the latter. I don't need hotshoes either but like the touchscreens. I love viewfinders but I can live without them. I don't care about numbers of megapixels, although it could be important when you compare a 12MP camera to a 20MP. (Because manual downsizing a 20MP pic to 12MP could result way better picture than a native 12MP camera could take.) I'm not a fan of any manufacturer and believe in no one's review. I wanted to see real life photos and videos with my own eyes while ignoring very scientific photos taken in laboratories.
I've read hundreds of reviews and tests on the net. I've seen thousands of sample photos (seeing in full size at a minimum of 3000x2000 or more) and 1080p videos. All the videos are taken from youtube to eliminate the possible differences caused by different web provider compression algorithms.
 The big problem is most of the tests and reviews didn't put enough emphasis on video quality, especially not on comparisons between various cameras. I can understand why: it's a huge work and the result is expected to be unreliable.
I'm willing to pay from $300 to $700 for an all-rounder camera. It should be as small as possible but if I find that only a DSLR can fulfill my requirements, I'll go along. I want to buy it in Hungary in HUF so they are approximately between 70.000 and 150.000 HUF.
As you can see there are premium compacts, compact superzooms, bridge superzooms and entry level MILCs and DSRLs on my list, made on long and hard research. These are the best and affordable cameras in 2013.
For reference video quality, I appointed Sony RX100 (allegedly one of the best compacts reachable) and Canon 700D (has by far the best video I've seen so far) and Nikon D7100. All the others are compared to these ones first and to each other second. So here they are.

        model                            price in HUF (x1000)

Sony DSC-HX20 80
Sony DSC-HX50115
Sony DSC-HX200100
Nikon Coolpix P7700117
Canon Powershot S110  84
Panasonic Lumix TZ40 95
Canon PowerShot SX280 HS 87
Sony RX100178
Nikon Coolpix P330  90
Panasonic Lumix LX7140
Sony Cybershot DSC-HX300130
Panasonic Lumix FZ200130
Canon PowerShot SX50 HS141
Sony NEX-3N122 (16-55mm)
Canon EOS-M125 (18-55mm)
Olympus Pen EP-M1120 (14-150mm)
Canon Powershot G15122
Fuji Finepix HS50132
Sony Alpha A37(used)175 (18-180mm)

This review is meant to be very unique and the statements are all subjective. Read it at your own risk.


Video tests

Fuji Finepix HS50
Video quality: Video at the wide end lacks of details, seems like muddy. For its price it's poor, compared to others in ultrazoom bridge class. To my surprise going to the telephoto zoom end it becomes somewhat nicer and sharper.
Technical: Has an outstanding viewfinder and a full tilting screen and has better pictures than Nikon P520 (which isn't in this test) but sadly, OUT.
5.5/10

Sony RX100
Video:  Sorry folks but it sucks at its price. Narrowly better than an Iphone. Anyway, it was too expensive for a compact for me. OUT
5.5/10

Nikon Coolpix P7700
Video: Nice and strong colours but the autofocus sometimes gets uncertain on what to do and the contrast is still not good enough to beat S110. I expected more from it. Nearly OUT but I wanna see its performance on other fields.

6/10

Canon Powershot G15
Video: Unbelievable superb quality, nice macro, fast and intelligent autofocus, razor sharp contrast. Fascinating.
Technical: Viewfinder. WiFi, GPS. Continous shooting is poor.
8/10

Sony DSC-HX20
Video: Brilliant colours if it has enough light. However, contast could be better tho. Anyway, I like it a lot. Anyone who still has HX9V DO NOT SELL it because it had far greater video quality! (Yeah. Triple checked.)
7/10

Sony DSC-HX50
Video: It's a shocking fact that hx50 has a loss on quality compared to hx20. Moreover, it's too expensive seeing HX20 low price. I don't care the larger zoom. Its still pictures are also disagreeable. OUT
6/10

Panasonic Lumix TZ40
Video: Very well balanced natural colours and confident on focus. Although it should be sharper.
Technical: Aperture is as bad as f/3.3-f/6.4. 20x zoom. Handgrip. WiFi and GPS. Touchscreen. 3cm macro, HDR, Panorama. Great battery but no RAW.
6.5/10

Canon Powershot S110
Video: Awesome  quality. A lot better than Sony RX100 or Nikon 7100 videos but half way behind 700D. Very high contrast, fast autofocus and vivid colours. In addition, not a single trace of any kind of interlacing while fast moving the camera.
Technical: Touchscreen, WiFi, no GPS receiver. Zoom: 5x. Maximum aperture is f/2.0. (At 120mm: f/5.9)
7.5/10

Canon Powershot SX280
Video: Sharp contrast, fast autofocus, no waves. Canon is doing something very well in its cameras.

6.5/10

Nikon Coolpix P330
Video: Solid picture but somehow washed out and autofocus is totally dumb. Very similar to P7700.
Technical: It's worth mentioning that it's capable to make very good still images with its f/1.8 lenses and its macros are great but for its video performance: OUT
5.5/10

Sony HX200
Video: seems like a little, hmm veiled. Not so bad.
Technical: Has a tilting screen and 30x optical zoom but no RAW capability. (Nearly out but realy dunno yet, let's see its picture quality. Hmmm. Its pixels are just like mosaics. Almost as bad as HX50.) OUT
6.5/10

Sony DSC-HX300
Video: Despite of its bigger lenses, a bit more blurred and dirty then HX200.
Technical: It's more heavier and bigger and more expensive but I don't need its extra features. (But I care what I lose after HX200, e.g. intelligent eyefinder.) OUT
6/10

Panasonic Lumix FZ200
Video: Brilliant quality, outstanding contrast, very much top-slr-like. Beats G15.
 8.5/10.

Panasonic LX7
Video: Nice and solid picture but lacks of something. Maybe life. G15 and even S110 still better but that's a close run.
7/10

Sony Nex-3N
Video: Solid, decent but somewhat boring. Not good enough to beat its competitors.
Technical: Besides that, 16-55mm objective has only 3x zoom and I determined that I need at least 5x. So I would have to buy an additional objective and it would be too expensive. No used ones on the market. So OUT.
6.5/10

Canon SX50 HS
Video: I'm sad to say, it's not that much better then Fuji HS50.
Technical: Enormous 50x zoom is simply awesome and it has really decent still picture quality for this range. Anyway, video is poor so OUT.
6/10

Canon EOS M
Video: Face tracking is great and it has very solid picture but contours are expressly cloudy. Disappointing.
Technical: No built-in flash. And it could be too expensive to buy zoom lens. OUT
6/10

Olympus Pen EP-M1
Video: Better then EOS-M. Tends to wave and a bit grainy.  Anyway, interesting.
6.5/10

Sony A37
Video: Has a serious tendency to wave and there is some kind of strange slowness. Not my favourite.
6.5/10
 
Without going any further: more of them are knocked out now because of their bad value for money SEEING from my point of view. Now, let the still picture quality test begin.


Still pictures

To ease the test, I created groups from the cameras and first compared them to each other. It's crying sad but I ruled out Panasonic LX7 because it has only 3.75x zoom. Anyway, its pictures are simply AWESOME. Crystal clear, no noise at all and excellent macros. Way better than FZ200. (LX7 has problems at the corners tho.) For picture quality, this is gonna be my new reference camera along with Canon EOS 700D. All cameras also compared to the reference ones. 
Conclusion so far: Not a big surprise that almost all the ultrazooms are bumped out. Manufacturers can’t (or don’t want to) integrate excellent picture quality, huge zoom, large amount of materials and considerable price. One expection only, unfortunately that’s the most expensive one. 
I've checked the most pictures with ISO 100 and 200 but also investigated higher ISOs around 800. In real life, everyone hates noise so no one wants to take pics above 800. 

Group 1: Heavy compacts  

 Nikon Coolpix P7700
f2-f4 with 7x zoom. WiFi, fully articulated screen. Handgrip. Lots of controls.

Canon Powershot G15
Aperture starts from f/1.8. No WiFi, small viewfinder.
Both camera are so damn good that it’s realy hard to write anything about picture quality. There are lots of comparisons on the net in this subject. Generaly P7700 wins.I agree with that. Nikon has a bit sharper pictures. So what does carry more weights, a viewfinder or an articulated screen, WiFi or better video quality? I hope I'll find the perfect camera for me later in the test because now I would choose P7700 if I had not seen its unlovely video.

Group 2: High end pocket cameras

Panasonic Lumix TZ40
This is actualy a travel zoom but so good that I thought it can be compared to S110. So. Great touchscreen, GPS, WiFi. 20x zoom, 18MP. No RAW. Slo-mo movies. Handgrip.No question it has better pictures than HX20 but also 20% more expensive and still not perfect. 24-480mm. 3 cm macro. f/3.3-6.4. There is also some noticable smooting at higher ISOs but under normal circumstances it definitely gets the clearest picture from the 3 travel zooms. Macro isn’t too impressive.
 


Canon Powershot S110
Can take surely better pictures than TZ40 could. Colours are more vivid, natural and solid. The question is: what is worth more: larger zoom and touchscreen or better picture and video quality? Anyway, both are a way behind FZ200, not to mention LX7.

Group 3: Travel zooms

Sony DSC-HX20
GPS, WiFi. 20x zoom, 18MP. No touchscreen, RAW, aperture priority manual mode. No external battery charger. I’m mainly interested in landscape pictures and as far as I can see HX20 pixels are like to collapse when there are large amount of grass or leaves on the pic. It’s called detail smudging and really ugly. They say if you downsize the pictures it could gone and the pic gets nicer. I’m going to test it.Besides, it has very large dynamic range and that’s good for real life.
25-500mm. 5cm macro distance. WiFi. GPS. No touchscreen. 12MP only but because of that it’s expected to have less noise But according to cameralabs.com: „SX280 HS delivers cleaner images than, say, the Panasonic ZS30 / TZ40, but only at higher sensitivities and you have to look pretty closely to see it. If you generally view your images on-screen at less than 100% or make prints smaller than 10x8in, you'd be hard pushed to spot much if any difference between them”. I can assure this, TZ40 is better. Aperture is f/3.5-6.8. 1080p @ 60 movies. Full and semi-full manual modes for shooting, that's awesome in this class but its battery sucks. Not a clear winner but I would buy this one despite the fact that I really like Sony's video. 

Group 4: SLR likes 

Panasonic Lumix FZ200
Too bad to say this but FZ200 too small in this class. Not enough color and contrast here.


Olympus Pen EP-M1

Sony A37

Not a big surprise, it easily beats both the others. But even a used one costs at least 20% more. (With at a least 5x zoom lenses)

So, considering only the still picture capabilites, here is the reverse order of this round:


1. Sony DSC-HX20
2. Canon Powershot SX280
3. Canon Powershot S110
4. Panasonic Lumix TZ40
5. Panasonic Lumix FZ200
6. Canon Powershot G15
7. Nikon Coolpix P7700
8. Olympus Pen EP-M1
9. Sony A37

To be continued...

http://www.digitalcamera-hq.com/articles/hands-on-preview-panasonic-g5-fz200-and-lx7
 

The Big Photo Camera Video Comparison Test

$
0
0


I've been looking for a new camera for a long time. I'm unsure what I want but its video capabilities has to be outstanding. I need the best Full HD video quality at the lowest price. Of course, I'm also very picky about photo quality. (being an experienced photographer.) In addition, it has to to have at least 5x optical zoom. I don't need GPS and Wi-Fi but could make use of the latter. I don't need hotshoes either but like the touchscreens. I love viewfinders but I can live without them. I don't care about numbers of megapixels, although it could be important when you compare a 12MP camera to a 20MP. (Because manual downsizing of a 20MP pic to 12MP could result way better picture than a native 12MP camera could take.) I'm not a fan of any manufacturer and believe in no one's review. I wanted to see real life photos and videos with my own eyes while ignoring very scientific photos taken in laboratories.
I've read hundreds of reviews and tests on the net. I've seen thousands of sample photos on flickr and so on (seeing in full size at a minimum of 3000x2000 or more) and 1080p videos. All the videos are taken from youtube to eliminate the possible differences caused by different web provider compression algorithms.
 The big problem is most of the tests and reviews didn't put enough emphasis on video quality, especially not on comparisons between various cameras. I can understand why: it's a huge work and the result is supposed to be unreliable.
I'm willing to pay from $300 to $700 for an all-rounder camera. It should be as small as possible but if I find that only a DSLR can fulfill my requirements, I'll go along. I want to buy it in Hungary in HUF so they are approximately between 70.000 and 150.000 HUF.
As you can see there are premium compacts, compact superzooms, bridge superzooms and entry level MILCs and DSRLs on my list, made on long and hard research. These are the best and affordable cameras in 2013.
For reference video quality, I appointed Sony RX100 (allegedly one of the best compacts reachable) and Canon 700D (has by far the best video I've seen so far) and Nikon D7100. All the others are compared to these ones first and to each other second. So here they are.

        model                            price in HUF (x1000)
Sony DSC-HX20
 80
Sony DSC-HX50
115
Sony DSC-HX200
100
Nikon Coolpix P7700
117
Canon Powershot S110
  84
Panasonic Lumix TZ40
 95
Canon PowerShot SX280 HS
 87
Sony RX100
178
Nikon Coolpix P330
  90
Panasonic Lumix LX7
140
Sony Cybershot DSC-HX300
130
Panasonic Lumix FZ200
130
Canon PowerShot SX50 HS
141
Sony NEX-3N
122 (16-55mm)
Canon EOS-M
125 (18-55mm)
Olympus Pen EP-M1
120 (14-150mm)
Canon Powershot G15
122
Fuji Finepix HS50
132
Sony Alpha A37(used)
175 (18-180mm)

This review is meant to be very unique and the statements are all subjective. Read it at your own risk.

Video tests


Video quality: Video at the wide end lacks of details, seems like muddy. For its price it's poor, compared to others in ultrazoom bridge class. To my surprise going to the telephoto zoom end it becomes somewhat nicer and sharper.
Technical: Has an outstanding viewfinder and a full tilting screen and has better pictures than Nikon P520 (which isn't in this test) but sadly, OUT.
5.5/10
Video:  Sorry folks but it sucks at its price. Narrowly better than an Iphone and its price is killing. For a compact camera it's too expensive for me. (note that its still pictures and build quality are just crushing outstanding but this is about the video.) OUT
5.5/10
Video: Nice and strong colours but the autofocus often gets uncertain on what to do and the contrast is still not good enough to beat S110. I expected more from it. Nearly OUT but I wanna see its performance on other fields.
6/10
Video: Unbelievable quality, nice macro, fast and intelligent autofocus, razor sharp contrast. Fascinating.
Technical: Viewfinder. WiFi, GPS. Continous shooting is poor.
8/10
Video: Brilliant colours if it has enough light. Contast could be better tho. I like it a lot. Anyone who still has HX9V DO NOT SELL it because it had more greater video quality! (Yeah. Triple checked.)
7/10
Video: It's a shocking fact that hx50 has a loss on quality compared to hx20. Moreover, it's too expensive seeing HX20 low price. I don't care the larger zoom. Its still pictures are also disagreeable. OUT
6/10
Video: Very well balanced natural colours and confident on focus. Although it should be sharper.
Technical: Aperture is as bad as f/3.3-f/6.4. 20x zoom. Handgrip. WiFi and GPS. Touchscreen. 3cm macro, HDR, Panorama. Great battery but no RAW.
6.5/10
Video: Awesome  quality. A lot better than Sony RX100 or Nikon 7100 videos but half way behind 700D. Very high contrast, fast autofocus and vivid colours. In addition, not a single trace of any kind of interlacing while fast moving the camera.
Technical: Touchscreen, WiFi, no GPS receiver. Zoom: 5x. Maximum aperture is f/2.0. (At 120mm: f/5.9)
7.5/10

Video: Sharp contrast, fast autofocus, no waves. Canon is doing something very well in its cameras.
6.5/10
Video: Solid picture but somehow washed out and autofocus is totally dumb and annoying. Very similar to P7700.
Technical: It's worth mentioning that it's capable to make very good still images with its superb f/1.8 (24-120mm, f/1.8-5.6) lenses and its macros are great but for its video performance: OUT
5.5/10
Video: seems like a little, hmm veiled. Not so bad.
Technical: Has a tilting screen and 30x optical zoom but no RAW capability. (Nearly out but realy dunno yet, let's see its picture quality. Hmmm. Its pixels are just like mosaics. Almost as bad as HX50.) OUT
6.5/10
Video: Despite its bigger lenses, a bit more blurred and dirty then HX200.
Technical: It's more heavier and bigger and more expensive but I don't need its extra features. (But I care what I lose after HX200, e.g. intelligent eyefinder.) OUT
6/10
Video: Brilliant quality, smooth contrast. Better than G15's video.
 8.5/10.
Video: Nice and solid picture but lacks of something. Maybe life. G15 and even S110 still better but that's a close run.
7/10
Video: Solid, decent but not good enough to beat the best ones. 
Technical: Besides that, 16-55mm objective has only 3x zoom and I determined that I need at least 5x. So I would have to buy an additional objective and it would be too expensive. No used ones on the market,yet. So OUT.
6.5/10
Video: I'm sad to say, it's not that much better then Fuji HS50.OUT.
Technical: Enormous 50x zoom is awesome and it has really decent still picture quality for this range.
6/10
Video: Face tracking is great and it has very solid picture but contours are expressly cloudy. Disappointing.
Technical: No built-in flash. And it could be too expensive to buy zoom lens. OUT
6/10

Olympus Pen EP-M1 

Video: Better then EOS-M. Tends to wave and a bit grainy.  Anyway, interesting.
6.5/10
Video: Has a serious tendency to wave and there is some kind of strange slowness. Not my favourite.
6.5/10
 
Without going any further: more of them are knocked out now because of their bad value for money SEEING from my point of view. Now, let the still picture quality test begin.

Still pictures


To ease the test, I created groups from the cameras and first compared them to each other. It's crying sad that I ruled out Panasonic LX7 because it has only 3.75x zoom. Anyway, its pictures are simply AWESOME. I can state that it as good as Sony RX100. No argue. Crystal clear, no noise at all and excellent macros. Way better than FZ200. (LX7 has problems at the corners tho.) For picture quality, this is going to be my new reference camera along with Canon EOS 700D. All cameras also compared to the reference ones. 
Conclusion so far: Not a big surprise that almost all the ultrazooms are bumped out. Manufacturers can’t (or don’t want to) integrate excellent picture quality, huge zoom, large amount of materials and considerable price. One expection only, unfortunately that’s the most expensive one. 
I've checked most pictures with ISO 100 and 200 but also investigated higher ISOs around 800. In real life, everyone hates noise so no one wants to take pics above 800. 

Group 1: Heavy compacts  
f2-f4 with 7x zoom. WiFi, fully articulated screen. Handgrip. Lots of controls.

Canon Powershot G15
Aperture starts from f/1.8. 5x zoom.
Both camera are so damn good that it’s realy hard to write anything about picture quality. There are lots of comparisons on the net on this subject. Generally P7700 wins.I agree with that. Nikon has a bit sharper pictures. So what does carry more weights, a viewfinder or an articulated screen, better photo or better video quality? I hope I'll find the perfect camera for me later in the test because now I would choose P7700 if I had not seen its unlovely video.

Group 2: Touchscreen pocket cameras

Panasonic Lumix TZ40
This is actualy a travel zoom but so good that I thought it can be compared to S110. So. Great touchscreen, GPS, WiFi. 20x zoom, 18MP. No RAW. Slo-mo movies. Handgrip.No question it has better pictures than e.g. Sony HX20 but also 20% more expensive and still not perfect. 24-480mm. 3 cm macro. f/3.3-6.4. There is also some noticable smooting at higher ISOs but under normal circumstances it definitely gets clear picture. 
Takes surely better pictures than TZ40 can. Colours are more vivid, natural and solid. The question is: what is worth more: larger zoom, better touchscreen, better picture or video quality? Anyway, both are a way behind FZ200, not to mention LX7.

Group 3: Travel zooms
GPS, WiFi. 20x zoom, 18MP. No touchscreen, RAW, aperture priority manual mode. No external battery charger. I’m mainly interested in landscape pictures and as far as I can see HX20 pixels are like to collapse when there are large amount of grass or leaves on the pic. It’s called detail smudging and just ugly. They say if you downsize the pictures it could gone and the pic gets nicer. I’m going to test it.Besides, it has very large dark/light dynamic range and that’s good for real life.
25-500mm. 5cm macro distance. WiFi. GPS. No touchscreen. 12MP only but because of that it’s expected to have less noise But according to cameralabs.com: „SX280 HS delivers cleaner images than, say, the Panasonic ZS30 / TZ40, but only at higher sensitivities and you have to look pretty closely to see it. If you generally view your images on-screen at less than 100% or make prints smaller than 10x8in, you'd be hard pushed to spot much if any difference between them”. Aperture is f/3.5-6.8. 1080p @ 60 movies. Full and semi-full manual modes for shooting, that's awesome in this class but its battery sucks. Not a clear winner but I would buy this one despite the fact that I liked Sony's videos. 

Group 4: Big ones
I was wrong to put in here. FZ200's performance is not enough to bring it together with the two other ones below.

Olympus Pen EP-M1(14-150mm)  
It's great! And I like it. It looks very funny with its small body and the huge lenses. It has no built-is flash but all the kits include an external one. It's a.... real gadget.

Sony A37
Not a big surprise, easily beats both the others. But even a used one costs at least 20% more. (With at least 5x zoom lenses)

So, considering only the still picture capabilites, here is the reverse order of this round:
 Sony DSC-HX20 << Panasonic Lumix TZ40 < Canon Powershot SX280 < Panasonic Lumix FZ200 < Canon Powershot S110 < Canon Powershot G15 < Nikon Coolpix P7700 << Olympus Pen EP-M1 < Sony A37


At now, I think I have to rule out the first and the last. Moreover, there needs to be some serious consideration given to my real purpose. I mentioned that I would prefer a real pocket camera with small dimensions. Besides, a full articulated screen, a touchscreen and a viewfinder each scores a plus point. 
It's obvious that there can't be such a camera. °.°
Beyond any doubt both G15 and P7700 have outstanding picture quality. However, P7700 is better at taking high-quality pictures, plus it has an articulated screen and larger optical zoom. Unfortunately its video performance is disappointing. I would opt for it if it wouldn't be so.
I'm pretty sure that any of them I would choose I would be displeased after all. You know this, don't you. Arghh. We have to admint that both of them are too big to be a packet camera. At this point I think I must be wise and rule them both out. I'd better move on from this heavy compact category altogether. It's a painful decision! Crazy but true. FZ200 is still playing because it has viewfinder and screen, also it has a large zoom so it could be a real allrounder camera. (apart from the "pocket" criteria).


So, let's see who is still here:

I've checked the video qualities again and recently seen some so depressingly bad Olympus Pen EP-M1 videos that I think I have to exclude it from further consideration. Later I'm going to test it in a shop because I'm not entirely sure what to do.

Update 1# I've got the feeling that in the end I'll need not just one but two cameras because "a perfect for me" does not exist. Yeah, I knew that when I started this test but there is always a chance of a big deal. One always keep on hoping.

Enough of philosophy. S110 doesn't have a handgrip which is a big minus for it. But it has a cool adjuster ring around its lense and a multitouch screen. But it's not enough to beat TZ40 and SX280's 20x zoom. TZ40 has slightly weaker pictures than Canon compacts but it has a cool touchscreen and also a big battery.

Some words about FZ200. There is much hype about it but I think its still picture quality is not that better than it should be with this huge lenses and body. (Compared to the pocket ones.) Seeing its landscape photos with trees and lots of details I can state that they are disappointing. Also, it's very expensive with its towering reputation. They say it has a f/2.8 both at wide and telephoto end. That's cool, isn't it. The fact is on real world tele photos I coudn't see anything that would be so cool. I've seen many nature photos made by this camera and I know Bence Mathe (famous Hungarian nature photographer) also used this camera. But he is a professional and I think even a Canon SX50HS could take these exact pictures at the zoom of 24x - or take them better. Speaking about the FZ200 macros, they could be awesome with their 1cm closest point. (note that these pictures are enhanced)

So, here comes the

FINAL ROUND


 The competitors are:

Panasonic Lumix TZ40
[94.000 HUF]
"Sony Cyber-shot WX300 and Canon PowerShot SX270 / SX280 all share the same sized 3in screens as the Panasonic TZ40 / ZS30, but with a lower 460k resolution compared to 920k on the Lumix. Sony and Canon still also see touchscreens as a specialist technology for certain models as opposed to Panasonic which I believe would deploy them on every model if it could. As such, the TZ40 / ZS30 is the only one of its main pocket super-zoom peer group to offer a touch-screen, and despite my reservations noted above, this really gives it a genuine advantage over the competition. [...] Now Panasonic has upgraded it on the TZ40 / ZS30 with two options, filming at 200fps in VGA (640x480) or 100fps in 720p HD (1280x720). These clips are then played back at 25fps, thereby slowing down the action by eight or four times respectively. Like other slow motion modes, there's no audio captured, and stabilisation is also disabled. I'm really pleased to find Panasonic upgrading the slow motion quality modes with two genuinely usable options" (cameralabs.com)

"Photos looked superb when resized to fit a 1080p screen but zooming in or heavily cropping revealed their limitations. Image quality was inevitably at its best in bright conditions at modest zoom positions, but even then, subtle textures such as skin and foliage looked somewhat featureless, save for a light sprinkle of noise. It got progressively worse as the ISO speed increased in diminishing light – or when shooting at the long end of the zoom in overcast weather. However, the digital processing did a fine job of handling the rising noise levels, and it was only at ISO 1600 that noise reduction became really intrusive. [...]We wish that Panasonic had resisted the temptation to use an 18-megapixel sensor. We'd happily settle for less detail for the sake of less noise. " (expertreviews.com)

Panasonic Lumix FZ200
[144.000 HUF]
[......]

Canon Powershot SX280
[84.000 HUF]
 "The full extent of the 20x optical zoom can also be deployed when shooting movies, its ultra quiet transition meaning that the built-in microphone doesn't pick up operational buzzes, the usual reason for manufacturers disabling the zoom. Focus is automatically adjusted as the user zooms in or out, which, with no alternative manual adjustment ring, means the footage can go soft for a moment or two before the camera locks on target. Canon states that Dynamic Image Stabilisation also kicks in when shooting video to ensure smooth tracking shots, of use when filming whilst walking for example. The SX280 HS records 1920x1080p Full HD movies at 60/30fps with stereo sound, making it one of the few compact cameras currently on the market to offer such good quality, while the Intelligent IS system helps to keep your footage steady." (photographyblog.com) 

(Note: Canon issued a firmware update for the SX280 HS that addresses battery issues when shooting video.) The flash, while in a better place than on models prior to the SX260, still isn't in a great spot. It's motorized and pops up automatically and if your finger happens to be on top of it when it does, it stops and you get a "Wrong flash position, restart camera" warning. (reviews.cnet.com) 


Canon Powershot S110
[85.000 HUF]
"The touch screen is new, though you can't operate the camera completely from it; for instance, you still bring up the shooting options via the Func Set button, but then you can select them via the screen. It does support useful capabilities such as touch shutter and touch focus, however." (reviews.cnet.com) "The Canon PowerShot S110 has a touch focus/shoot option which is on by default. In playback the touchscreen can be used to change the magnification of an image by spreading and pinching two fingers, and switch between images by swiping from side to side, just like on a smartphone." (photographyblog.com) "One useful feature introduced in the S90 is the control ring that surrounds the lens, which the S110 retains. The user can make on-the-fly adjustments to an often-used setting simply by turning it. You can program it to work with only one of several settings, such as exposure compensation (brightness), manual focus, white balance, and zoom."(digitaltrends.com)

Some wise words about touchscreens by digitaltrends.com: "there’s the issue with the touchscreen. It’s very responsive, and it’s fine for playback, selecting items onscreen, punching in our access point’s password, and picking a focus point. But because it’s so large on this small camera, there’s little room for your left-hand fingers to hold onto the camera properly and steadily without nudging on the screen; this is an issue if the touch-shutter function is enabled, as we always inadvertently touch the screen with our knuckle and shot something we didn’t want. (something we encountered with Canon’s EOS M camera)" (S110)

Update 2:
It's hilarious that I simply overlooked top compact cameras which don't have GPS and WiFi and touchscreen, although I stated that I don't need any of them. Okay, a touchscreen would be fun. So, one more model here: Canon SX270 HS. It doesn't have these features but supposedly doesn't suffer from that serious battery issue, see here. Unfortunately in Hungary SX270 costs almost the same that SX280, just some 2000 HUF ($9) difference. :(
There is model from Canon called S100 without touchscreen and wifi but here it's also priced the same as S110.

Conclusion:
???????????


VMware Tools annoyances

$
0
0
Ever faced the problem that you are unable to install a simple VMwaretools package on your newly installed nice Linux? (In this example: 13.04 Ubuntu)
Mount the cd, copy and unpack the tar, start the install script... and so on, you know the order. And be surprised with the message:

Searching for a valid kernel header path... The path "" is not valid. Would you like to change it?[yes]
This looks serious but can be easily solved by:
apt-get install build-essential linux-headers-$(uname -r)
and then
ln -s /usr/src/linux-headers-$(uname -r)/include/generated/uapi/linux/version.h /usr/src/linux-headers-$(uname -r)/include/linux/version.h

We happy Vincent?
Unfortunately we not.
WMvare tools reinstalling process the tells us some sad words:

[...]
Detected the kernel headers at "/lib/modules/3.8.0-19-generic/build/include".
The path "/lib/modules/3.8.0-19-generic/build/include" appears to be a valid
path to the 3.8.0-19-generic kernel headers.
Would you like to change it? [no]

Using 2.6.x kernel build system.
make: Entering directory `/tmp/modconfig-8gevFc/vmci-only'
/usr/bin/make -C /lib/modules/3.8.0-19-generic/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
          MODULEBUILDDIR= modules
make[1]: Entering directory `/usr/src/linux-headers-3.8.0-19-generic'
  CC [M]  /tmp/modconfig-8gevFc/vmci-only/linux/driver.o
/tmp/modconfig-8gevFc/vmci-only/linux/driver.c:127:4: error: implicit declaration of function ‘__devexit_p’ [-Werror=implicit-function-declaration]
/tmp/modconfig-8gevFc/vmci-only/linux/driver.c:127:4: error: initializer element is not constant
/tmp/modconfig-8gevFc/vmci-only/linux/driver.c:127:4: error: (near initialization for ‘vmci_driver.remove’)
/tmp/modconfig-8gevFc/vmci-only/linux/driver.c:1754:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘vmci_probe_device’
/tmp/modconfig-8gevFc/vmci-only/linux/driver.c:1982:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘vmci_remove_device’
/tmp/modconfig-8gevFc/vmci-only/linux/driver.c:119:12: warning: ‘vmci_probe_device’ used but never defined [enabled by default]
/tmp/modconfig-8gevFc/vmci-only/linux/driver.c:121:13: warning: ‘vmci_remove_device’ used but never defined [enabled by default]
/tmp/modconfig-8gevFc/vmci-only/linux/driver.c:2063:1: warning: ‘vmci_interrupt’ defined but not used [-Wunused-function]
/tmp/modconfig-8gevFc/vmci-only/linux/driver.c:2137:1: warning: ‘vmci_interrupt_bm’ defined but not used [-Wunused-function]
/tmp/modconfig-8gevFc/vmci-only/linux/driver.c:1717:1: warning: ‘vmci_enable_msix’ defined but not used [-Wunused-function]
cc1: some warnings being treated as errors
make[2]: *** [/tmp/modconfig-8gevFc/vmci-only/linux/driver.o] Error 1
make[1]: *** [_module_/tmp/modconfig-8gevFc/vmci-only] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-3.8.0-19-generic'
make: *** [vmci.ko] Error 2
make: Leaving directory `/tmp/modconfig-8gevFc/vmci-only'
&@#&@##&@&@@@@
Keep calm. Say you unpacked the tools to /usr/
So:
cd /usr/vmware-tools-distrib/
wget http://blog.gnu-designs.com/downloads/vmware-tools-linux-kernel-3.8_vmci_pci_hotplug_struct.patch
tar -xvf lib/modules/source/vmci.tar


Now, your directory looks like:

b# ls -l
drwxr-xr-x  2 root root   4096 jul   14  2012 bin
drwxr-xr-x  2 root root   4096 jul   14  2012 doc
drwxr-xr-x  4 root root   4096 jul   14  2012 etc
-rw-r--r--  1 root root 251898 jul   14  2012 FILES
lrwxrwxrwx  1 root root     13 jul   14  2012 INSTALL -> ./doc/INSTALL
drwxr-xr-x  2 root root   4096 jul   14  2012 installer
drwxr-xr-x 14 root root   4096 jul   14  2012 lib
drwxr-xr-x  5 root root   4096 jul   14  2012 vmci-only
lrwxrwxrwx  1 root root     31 jul   14  2012 vmware-install.pl -> ./bin/vmware-uninstall-tools.pl
-rw-r--r--  1 root root   1285 aug   23 00:10 vmware-tools-linux-kernel-3.8_vmci_pci_hotplug_struct.patch

Patch that driver:

root@server:/usr/vmware-tools-distrib# patch -p0 < /usr/vmware-tools-distrib/vmware-tools-linux-kernel-3.8_vmci_pci_hotplug_struct.patch
patching file vmci-only/linux/driver.c
Repack it.
root@server:/usr/vmware-tools-distrib# tar -cf vmci.tar vmci-only/
Overwrite the original bad one.
root@server:/usr/vmware-tools-distrib# cp vmci.tar lib/modules/source/

One more try! Reinstall now says:

---
Detected the kernel headers at "/lib/modules/3.8.0-19-generic/build/include".
The path "/lib/modules/3.8.0-19-generic/build/include" appears to be a valid
path to the 3.8.0-19-generic kernel headers.
Would you like to change it? [no]

Using 2.6.x kernel build system.
make: Entering directory `/tmp/modconfig-PYbj5R/vmci-only'
/usr/bin/make -C /lib/modules/3.8.0-19-generic/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
          MODULEBUILDDIR= modules
make[1]: Entering directory `/usr/src/linux-headers-3.8.0-19-generic'
  CC [M]  /tmp/modconfig-PYbj5R/vmci-only/linux/driver.o
  CC [M]  /tmp/modconfig-PYbj5R/vmci-only/linux/vmciKernelIf.o
  CC [M]  /tmp/modconfig-PYbj5R/vmci-only/common/vmciContext.o
  CC [M]  /tmp/modconfig-PYbj5R/vmci-only/common/vmciDatagram.o
  CC [M]  /tmp/modconfig-PYbj5R/vmci-only/common/vmciDoorbell.o
  CC [M]  /tmp/modconfig-PYbj5R/vmci-only/common/vmciDriver.o
  CC [M]  /tmp/modconfig-PYbj5R/vmci-only/common/vmciEvent.o
  CC [M]  /tmp/modconfig-PYbj5R/vmci-only/common/vmciHashtable.o
  CC [M]  /tmp/modconfig-PYbj5R/vmci-only/common/vmciQPair.o
  CC [M]  /tmp/modconfig-PYbj5R/vmci-only/common/vmciQueuePair.o
  CC [M]  /tmp/modconfig-PYbj5R/vmci-only/common/vmciResource.o
  CC [M]  /tmp/modconfig-PYbj5R/vmci-only/common/vmciRoute.o
  CC [M]  /tmp/modconfig-PYbj5R/vmci-only/driverLog.o
  LD [M]  /tmp/modconfig-PYbj5R/vmci-only/vmci.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /tmp/modconfig-PYbj5R/vmci-only/vmci.mod.o
  LD [M]  /tmp/modconfig-PYbj5R/vmci-only/vmci.ko
make[1]: Leaving directory `/usr/src/linux-headers-3.8.0-19-generic'
/usr/bin/make -C $PWD SRCROOT=$PWD/. \
          MODULEBUILDDIR= postbuild
make[1]: Entering directory `/tmp/modconfig-PYbj5R/vmci-only'
make[1]: `postbuild' is up to date.
make[1]: Leaving directory `/tmp/modconfig-PYbj5R/vmci-only'
cp -f vmci.ko ./../vmci.o
make: Leaving directory `/tmp/modconfig-PYbj5R/vmci-only'

Using 2.6.x kernel build system.
make: Entering directory `/tmp/modconfig-uWidjn/vmci-only'
/usr/bin/make -C /lib/modules/3.8.0-19-generic/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
          MODULEBUILDDIR= modules
make[1]: Entering directory `/usr/src/linux-headers-3.8.0-19-generic'
  CC [M]  /tmp/modconfig-uWidjn/vmci-only/linux/driver.o
  CC [M]  /tmp/modconfig-uWidjn/vmci-only/linux/vmciKernelIf.o
  CC [M]  /tmp/modconfig-uWidjn/vmci-only/common/vmciContext.o
  CC [M]  /tmp/modconfig-uWidjn/vmci-only/common/vmciDatagram.o
  CC [M]  /tmp/modconfig-uWidjn/vmci-only/common/vmciDoorbell.o
  CC [M]  /tmp/modconfig-uWidjn/vmci-only/common/vmciDriver.o
  CC [M]  /tmp/modconfig-uWidjn/vmci-only/common/vmciEvent.o
  CC [M]  /tmp/modconfig-uWidjn/vmci-only/common/vmciHashtable.o
  CC [M]  /tmp/modconfig-uWidjn/vmci-only/common/vmciQPair.o
  CC [M]  /tmp/modconfig-uWidjn/vmci-only/common/vmciQueuePair.o
  CC [M]  /tmp/modconfig-uWidjn/vmci-only/common/vmciResource.o
  CC [M]  /tmp/modconfig-uWidjn/vmci-only/common/vmciRoute.o
  CC [M]  /tmp/modconfig-uWidjn/vmci-only/driverLog.o
  LD [M]  /tmp/modconfig-uWidjn/vmci-only/vmci.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /tmp/modconfig-uWidjn/vmci-only/vmci.mod.o
  LD [M]  /tmp/modconfig-uWidjn/vmci-only/vmci.ko
make[1]: Leaving directory `/usr/src/linux-headers-3.8.0-19-generic'
/usr/bin/make -C $PWD SRCROOT=$PWD/. \
          MODULEBUILDDIR= postbuild
make[1]: Entering directory `/tmp/modconfig-uWidjn/vmci-only'
make[1]: `postbuild' is up to date.
make[1]: Leaving directory `/tmp/modconfig-uWidjn/vmci-only'
cp -f vmci.ko ./../vmci.o
make: Leaving directory `/tmp/modconfig-uWidjn/vmci-only'
Using 2.6.x kernel build system.
make: Entering directory `/tmp/modconfig-uWidjn/vsock-only'
/usr/bin/make -C /lib/modules/3.8.0-19-generic/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
          MODULEBUILDDIR= modules
make[1]: Entering directory `/usr/src/linux-headers-3.8.0-19-generic'
  CC [M]  /tmp/modconfig-uWidjn/vsock-only/linux/af_vsock.o
  CC [M]  /tmp/modconfig-uWidjn/vsock-only/linux/notify.o
  CC [M]  /tmp/modconfig-uWidjn/vsock-only/linux/notifyQState.o
  CC [M]  /tmp/modconfig-uWidjn/vsock-only/linux/stats.o
  CC [M]  /tmp/modconfig-uWidjn/vsock-only/linux/util.o
  CC [M]  /tmp/modconfig-uWidjn/vsock-only/linux/vsockAddr.o
  CC [M]  /tmp/modconfig-uWidjn/vsock-only/driverLog.o
  LD [M]  /tmp/modconfig-uWidjn/vsock-only/vsock.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /tmp/modconfig-uWidjn/vsock-only/vsock.mod.o
  LD [M]  /tmp/modconfig-uWidjn/vsock-only/vsock.ko
make[1]: Leaving directory `/usr/src/linux-headers-3.8.0-19-generic'
/usr/bin/make -C $PWD SRCROOT=$PWD/. \
          MODULEBUILDDIR= postbuild
make[1]: Entering directory `/tmp/modconfig-uWidjn/vsock-only'
make[1]: `postbuild' is up to date.
make[1]: Leaving directory `/tmp/modconfig-uWidjn/vsock-only'
cp -f vsock.ko ./../vsock.o
make: Leaving directory `/tmp/modconfig-uWidjn/vsock-only'

 [....]

Whooohooooo, bingo!

How to create a new software RAID drive without rebooting

$
0
0
Say you have two drives with existing software raid partitions and some s free spaces on them. They are sda and sdc.

 ~#fdisk /dev/sda
p (to double-check)
n (type the last, not-existing-yet partition number)
t (type the last, half-existing-already partition number)
fd
w

Repeat it with sdc. Then...
:~# mdadm --create --verbose /dev/md3 --level=1 --raid-devices=2 /dev/sda4 /dev/sdc4
mdadm: Cannot open /dev/sda4: No such file or directory
mdadm: Cannot open /dev/sdc4: No such file or directory

Whoops. No need to reboot tho.

 ~#apt-get install parted
 ~#partprobe /dev/sda4

Error: Could not stat device /dev/sda4 - No such file or directory.

Errmmm.

 ~#partprobe /dev/sda
 ~#partprobe /dev/sdc

 ~#ls /dev/sd*
/dev/sda  /dev/sda1  /dev/sda2  /dev/sda3  /dev/sda4  /dev/sdb  /dev/sdb1  /dev/sdc  /dev/sdc1  /dev/sdc2  /dev/sdc3 /dev/sdc4
~# mdadm -Cv /dev/md3 -l1 -n2 /dev/sd{a,c}4
mdadm: size set to 175815296K
mdadm: array /dev/md3 started.

Nice.

 ~# cat /proc/mdstat
Personalities : [raid1]
md3 : active (auto-read-only) raid1 sdc4[1] sda4[0]
      175815296 blocks [2/2] [UU]
        resync=PENDING


No worries about PENDING, just get to start writing onto it.

~# mkfs.ext4 /dev/md3
mke2fs 1.41.3 (12-Oct-2008)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
10993664 inodes, 43953824 blocks
2197691 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=0
1342 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000, 7962624, 11239424, 20480000, 23887872
Writing inode tables:


Okay, let's see that again.

:~# cat /proc/mdstat
Personalities : [raid1]
md3 : active raid1 sdc4[1] sda4[0]
      175815296 blocks [2/2] [UU]
      [==>..................]  resync = 12.5% (21977472/175815296) finish=37.5min speed=68259K/sec


Wait till resync finishes and mount. Tadam.

Exchange (Public Folder) Powershell tricks (applies to 2010 and 2013)

$
0
0
Say you have a difficult public folder structure and you have to search, for example, quota settings of a folder, in less than five seconds. 
Then do:
get-publicfolder -recurse -resultsize unlimited|where {$_.name -like "First_chars_of_thePF*"}| ft Identity,IssueWarningQuota                                                                                                       

To search based on the email address of the PF (shows lots of details!)
Get-MailPublicFolder "email.address.of.the.PF@yourdomain.com"|fl               

 Modify the quota on the PF:
Set-PublicFolder -identity "\First_level_NAME\Second_level_NAME\3rd_level_NAME" -ProhibitPostQuota 5000MB -IssueWarningQuota 4800MB

Getting some useless data about the PF and its subfolders:              
 Get-PublicFolderStatistics -identity "\First_level_NAME\Second_level_NAME\3rd_level_NAME" -GetChildren| Format-List                                                                

How your databases are called:
Get-MailboxDatabase|ft name,publicfolderdatabase  
 
How your public folders are called:
Get-PublicFolder \ -recurse|ft name,parentpath,replicas

Mailbox
User mailbox size:
Get-MailboxFolderStatistics user.name -FolderScope "Inbox" | Select Name,FolderandSubFolderSize,ItemsinFolderandSubfolders 

More fun on this subject: http://exchangeserverpro.com/reporting-mailbox-folder-sizes-with-powershell/

Yet another awesome collection of Exchange PS commands
http://waynes-world-it.blogspot.com/2013/04/exchange-powershell-commands.html



Keep your session id after redirect or reload

$
0
0
Ever wondered how to keep your original session ID having redirected and reloaded your page?
For me, that was a long run but now here's the deal.
In this example, we have two servers and two methods of how to secure pass and set a session ID.

Server 1: auth.domain.com
Server 2: web.domain.com

You login in a page on auth.domain.com. You have to start your a session with:
<?php
$anything = session_name("nostromo"); // that's the point
session_set_cookie_params(0, '/', '.domain.com'); // It's pretty funny that MSIE will need this but FF and Chrome won't. Triple tested.
session_start();
echo "ID: ".session_id(); // check your id
[.......authentication and other security stuff......]
header ('Location: http://web.domain.com/index.php?'.$mysecurestring ); // mysecurestring contains some encrypted data, including my session_id
?>

On web.domain.com:
<?php
 [...]
if ( isset( $_GET['id'] ) && !empty( $_GET['id'] )){
[....decrypting and validating your data, logging etc...and:]
session_id($my_received_secured_session_id);
   echo '<script>
     window.location = window.location.href.split("?")[0];
        </script>';
}
else {
$anything = session_name("nostromo");
session_start();
echo "We happy Vincent? ".session_id();
    }
?>

Getting work this single piece of code has taken me two hectic days.

Microsoft Windows Server: READ ONLY Domain Controllers ?!

$
0
0
RODC? That's one of the biggest fallacy in the IT I've ever seen. For those who don't know: that's some kind of domain controller to be placed in a branch office where it can be easily stolen.
RODC's don't have writeable LDAP DB locally so they forward all the login requests to a RWDC. Wow how supersecured they are.
Here is where the mystification begin: RODCs still have cached passwords locally so in case hackers gain direct access to the local system passwords - theoretically - could be compromised.
And the largest sechole: passwords and accounts still CAN BE reset, re-enabled or in any way modified against an RODC. In this case an RODC stupidly forward the request to a RWDC and of course RWDC will automatically commit and redistribute the changes because of the confidential relationship between them.
In short: "When the password is changed or reset against an RODC, the RODC will forward the change to a W2K8 RWDC and after that it will automatically inbound replicate the password using the "Replicate Single Object" method assuming the account for which the password was reset/changed is still allowed to be cached/stored."
See more info for example at http://social.technet.microsoft.com/Forums/windowsserver/en-US/198e7c6a-0541-43cf-803f-1259e66fdd80/how-to-know-readonly-domain-controller



Email forwarding

$
0
0
More powershell fun

Setting forward-only to an internal address :
Set-Mailbox -Identity "Joe Cool" -ForwardingAddress "james@mydomain.com"
Setting deliver-and-forward to an internal address :
Set-Mailbox -Identity "Joe Cool" -ForwardingAddress "james@mydomain.com" -DeliverToMailboxAndForward $true
Setting forward to an external address :
New-MailContact -Name "Very Important Dick" -ExternalEmailAddress "dick@vip.com"
Set-Mailbox "Joe Cool" -ForwardingAddress "dick@vip.com"
Listing what mailboxes are set to forward :
Get-Mailbox -Filter { ForwardingAddress -like '*' } | select-object Name,ForwardingAddress
Cancel any type of forwarding:
Set-Mailbox -Identity [our.user@mydomain.com] -DeliverToMailboxandforward $False -ForwardingSMTPAddress $Null -ForwardingAddress $Null
 

ULTIMATE howto for GIT with LDAP auth

$
0
0
There are lots of tutors on this subject but hardy any of them are straigtforward and up-to-date. For me, it took plenty of days to get this disguisting system work on a Debian. (BTW, SVN FTW :))
Note that there are two, I repeat two methods to work with a GIT server: webdav and git-http-backend.
Webdav is nicer and cheaper but it is true it has some drawbacks. 
In the following we will setup a version hosting and control system called git with http-backend and an authentication mechanism against an LDAP server. My internal domain name is ring.local and my external hostname is git.ring-of-fire.com
We will set up a gitweb to ease supervision.
In the end, entering https://git.ring-of-fire.com/web in a browser and having confirmed that you are a member of ring_developers_webadmin, you will have your gitweb console.
Then you enter https://git.ring-of-fire.com/git/YourMightyRepo in your GIT client and identify yourself to be a valid member of the ring_developers LDAP group. Then, successfully authorized... guess what.

What to do in a nutshell.
1
apt-get install....

ii apache2 2.2.22-13+deb7u1 i386 Apache HTTP Server metapackage 
ii apache2-mpm-worker 2.2.22-13+deb7u1 i386 Apache HTTP Server - high speed threaded model 
ii apache2-utils 2.2.22-13+deb7u1 i386 utility programs for webservers 
ii apache2.2-bin 2.2.22-13+deb7u1 i386 Apache HTTP Server common binary files 
ii apache2.2-common 2.2.22-13+deb7u1 i386 Apache HTTP Server common files 
ii git 1:1.7.10.4-1+wheezy1 i386 fast, scalable, distributed revision control system 
ii git-core 1:1.7.10.4-1+wheezy1 all fast, scalable, distributed revision control system (obsolete)
ii git-man 1:1.7.10.4-1+wheezy1 all fast, scalable, distributed revision control system (manual pages)
ii gitweb 1:1.7.10.4-1+wheezy1 all fast, scalable, distributed revision control system (web interface) 

2
root@git:/etc/apache2/sites-enabled# cat *  

ServerName git.ring-of-fire.com # real FQDN, IMPORTART!! for git's sake
 <VirtualHost *:80>
ServerAdmin webmaster@localhost

 DocumentRoot /var/www/default  
Options -Indexes -FollowSymLinks -MultiViews AllowOverride None 
ErrorLog ${APACHE_LOG_DIR}/zhttp-error.log 
LogLevel warn 
CustomLog ${APACHE_LOG_DIR}/zhttp-access.log combined 
# a default site with any kind of index.html or .htaccess  
 </VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost 
DocumentRoot /var/www 
Options Indexes FollowSymLinks MultiViews AllowOverride All  
ErrorLog ${APACHE_LOG_DIR}/error.log 
LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined 
SSLEngine On 
SSLCertificateFile /etc/apache2/ssl/git_ring.crt 
SSLCertificateKeyFile /etc/apache2/ssl/git_ring.key 
SSLCACertificateFile /etc/apache2/ssl/git_ring_bundle.ca 
BrowserMatch "git" nokeepalive ssl-unclean-shutdown 
 # this https site is for the real use 
 </VirtualHost>

3
root@git:/etc#cat gitweb.conf
# path to git projects (<project>.git)
$projectroot = "/var/www/git"
;
....
This is the only parameter you need to change.

4
root@git:/etc/apache2/conf.d# cat git.conf 
SetEnv GIT_PROJECT_ROOT /var/www/git # check
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git /usr/lib/git-core/git-http-backend/ # check if this dir exists

<Directory "/usr/lib/git-core">
  Options +ExecCGI
  Allow From All
</Directory>

AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /var/www/git/$1
AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/www/git/$1
ScriptAliasMatch \
    "(?x)^/git/(.*/(HEAD | \
            info/refs | \
            objects/info/[^/]+ | \
            git-(upload|receive)-pack))$" \
    /usr/lib/git-core/git-http-backend/$1

<Location "/git/YourMightyREPO">
    AuthBasicProvider ldap
    AuthType Basic
    AuthzLDAPAuthoritative on
    AuthName "Git Server"
         AuthLDAPURL "ldap://YourLDAPServerIP:389/OU=YourADOU,DC=ring,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
        AuthLDAPBindDN "CN=Your auth user name,cn=Users,dc=ring,dc=local"
        AuthLDAPBindPassword verysecretpassword
       Require ldap-group                 CN=ring_developers,OU=your_groups_container_OU,DC=ring,DC=local

</Location>


5
root@git:/etc/apache2/conf.d# cat gitweb.conf
Alias /web "/usr/share/gitweb/" # Check if /usr/share/gitweb there exists. Note the string /web

<Directory "/usr/share/gitweb">
    Options ExecCGI
    AllowOverride None
    AddHandler cgi-script .cgi
    DirectoryIndex gitweb.cgi
    Order deny,allow
    Allow from all

    AuthBasicProvider ldap
    AuthType Basic
    AuthzLDAPAuthoritative on
    AuthName "GITWEB for RING"
     AuthLDAPURL "ldap://YourLDAPserverIP:389/OU=your_users_container_OU,DC=ring,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
    AuthLDAPBindDN "CN=Your LDAP bind user name,cn=Users,dc=ring,dc=local"
        AuthLDAPBindPassword verysecretpassword
        Require ldap-group CN=ring_developers_webadmin,OU=your_groups_container_OU,DC=ring,DC=local



6
Initialize, check and done.

root@git:/var/www/default# ls
index.html


root@git:/var/www/git# ls

mkdir YourMightyRepo && cd * && git --bare init
cd .. && chown www-data:www-data * -R
service apache2 restart
get-a-coffee


More totally useless and misleading info here: http://git-scm.com/docs/git-http-backend

Yet another ultimate howto: a collection of hotfixes for Exchange 2010 for Windows 2008 R2

$
0
0

How to mass-upload profile pictures to Exchange 2013

$
0
0
It's friday afternoon, an hour before the end of your shift. Biggest boss walkes into your office and says:
- It's good to see you being so happy to see me. I've got a job for you. You gotta load our new employees' high-resolution photos into our company's Exchange2013 immediately. You should be able to find all the 180 picture files on the fileserver. Actualy, it should have done yesterday. So... (dramatic pause)... have you done it yet ?
  1. - Don't panic.
  2. - Resize or cut those freaking profile photos to 648x648 pixels with a free smart photo viewer, for example with a batch job in Irfanview.
  3. - Rename the files to match your users' login names, e.g. Bill Gates -- billgates.jpg - That's the trickiest part if your files are called user3412_10102014.png or whatever. That'd suck. Force your colleagues to name the files properly next time.
  4. - Use this script. It reads all the files in the sourcedir, takes the username from filename and puts the picture into that user's corresponding Exchange attribute.

$sourcedir = "c:\temp\photos\"
$files = Get-ChildItem $sourcedir -Filter "*.jpg"
$files | ForEach-Object {

   $fullpath= $sourcedir + $_.Name
   $name = $_.BaseName
   write $fullpath
   write $name

   $photo = ([Byte[]] $(Get-Content -Path $fullpath -Encoding Byte -ReadCount 0))
   Set-UserPhoto -Identity $name -PictureData $photo -Confirm:$False
   Set-UserPhoto -Identity $name -Save -Confirm:$False
  
}


Curious why 648x648 is that dimension exactly? Nobody knows. Frankly. The point is you will end up with 3 different sized picture stored for each account in your AD and Exchange 2013 and Lync 2013 or Sharepoint 2013 (if you have any)
  1. 48 x 48 pixels in AD thumbnailPhoto attribute field (If you upload a photo to Exchange 2013, Exchange will automatically create a 48 pixel by 48 pixel version of that photo and update the user's thumbnailPhoto attribute. Note, however, that the reverse is not true: if you manually update the thumbnailPhoto attribute in Active Directory the photo in the user's Exchange 2013 mailbox will not automatically be updated).
  2. 96 x 96 pixels for use in Microsoft Outlook 2013 Web App and Microsoft Outlook 2013
  3. 648 x 648 pixels for use in Lync 2013 and Sharepoint 2013

Can't install an additional Exchange 2013 in the domain

$
0
0
Today I've just run into this funny issue. It took two hours for me to get the clue!

Here is the error report:

Error:
Global updates need to be made to Active Directory, and this user account isn't a member of the 'Enterprise Admins' group.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalUpdateRequired.aspx

Error:
You must be a member of the 'Organization Management' role group or a member of the 'Enterprise Admins' group to continue.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.GlobalServerInstall.aspx

Error:
You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedBridgeheadFirstInstall.aspx

Error:
You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedCafeFirstInstall.aspx

Error:
You must use an account that's a member of the Organization Management role group to install the first Client Access server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedFrontendTransportFirstInstall.aspx

Error:
You must use an account that's a member of the Organization Management role group to install or upgrade the first Mailbox server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedMailboxFirstInstall.aspx

Error:
You must use an account that's a member of the Organization Management role group to install or upgrade the first Client Access server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedClientAccessFirstInstall.aspx

Error:
You must use an account that's a member of the Organization Management role group to install the first Mailbox server role in the topology.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.DelegatedUnifiedMessagingFirstInstall.aspx

Error:
Setup encountered a problem while validating the state of Active Directory: Couldn't find the Enterprise Organization container.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx

Error:
The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.ForestLevelNotWin2003Native.aspx

Error:
Either Active Directory doesn't exist, or it can't be contacted.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.CannotAccessAD.aspx

Warning:
Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD'. No Exchange 2010 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2010 servers.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.NoE14ServerWarning.aspx


Obviously, the AD was prepared previously (having a working Exchange 2013) and I'm a Schema and Enterprise Admin.
Solution:
It turned out that I was trying to install the Exchange in site A (a site with a working DC) but the the Schema Master FSMO role holder DCwas located in site B. Of course both was perfectly connected and replicating with the other. However, for whatever reason my clever Exchange setup was simply unable to connect the Schema Master and exited in such a stupid way. I moved the Schema Master role to site A and voila, Exchange setup immediately worked.

IPTABLES - how to allow or ban certain countries of the world

$
0
0
It's a usual request for a sysadmin to ban or allow only a certain country in firewalls or .htaccesses of apache. Here are two common ways to do that.

Method 1.
Using xtables and maxmind

apt-get install libtext-csv-xs-perl module-assistant geoip-database libgeoip1
module-assistant --verbose --text-mode auto-install xtables-addons
mkdir /usr/share/xt_geoip
cd /usr/share/xt_geoip
# this is a rather old package but for free
wget http://terminal28.com/wp-content/uploads/2013/10/geoip-dl-build.tar.gz
tar xvf geoip-dl-build.tar.gz
./xt_geoip_dl
./xt_geoip_build -D . *.csv
##EXAMPLE ##EXAMPLE ##EXAMPLE ##EXAMPLE ##EXAMPLE ##EXAMPLE ##EXAMPLE 
iptables --flush # BEWARE
iptables -A INPUT -p tcp --dport 443 -m geoip --src-cc HU,CZ,PL,RO -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
 
 
Method 2.
Simply using https://www.countryipblocks.net/country_selection.php to get ranges to allow/deny

 

Little dear ones of mine

$
0
0
How to take actions on a directory that contains hundreds of subdirectories, named like this...
0001
0002
....
0100
0101
...
0999
1000
...

...but just on the first some hundreds of them so their proper naming could be an issue. Solution:
#!/bin/bash

for i in $(seq 500);do
lngt=`expr length $i`
case $lngt in
    1)
    i=000$i
    ;;
    2)
    i=00$i
    ;;
    3)
    i=0$i
    ;;
esac
ls /home/samba/archive/$i -LRs >> /root/content.txt
done

It could be more solid but you know, always Keep It Simple&Stupid. :-)
Here is a more complex one. It's a cron driven script that checks your openvpn logfile and email you if an event (e.g. if certain user connects) found. It remembers its last run so that a logline never get processed twice. Also handles logrotate events.
#!/bin/bash

cd /var/log/openvpn
[ -e temp ] && rm temp
echo ""> connectionz
NOW=`cat openvpn.log|wc -l`
LAST=`cat last`
CHECK=$(($NOW-$LAST))
    if [[ $CHECK -ge 0 ]]; then # change found
    echo $NOW > last # if 0 then doesn't matter but no harmful
    else
    echo 0 > last # logrotation happened, nulling last
    LAST=0
    fi
tail -$CHECK openvpn.log|grep Initiated >
connectionz
while read line
 do
 USER=`echo $line|cut -d '[' -f2|cut -d ']' -f1`
 DATUM=`echo $line|cut -d '' -f2-5`
  if [ $USER = "JohnSmith" ] || [ $USER = "PeteSmith" ] || [ $USER = "JaneSmith" ] ; then
   echo "A user connected:"$USER" event time:"$DATUM >> temp
   echo "">> temp
  fi
 done < connetionz
[ -e temp ] && cat temp | mail -n -s "OPENVPN CONNETION initiated" myemail@mydomain.com,yourdomain@yourdomain.com

Create a new virtual disk / disk group on a Dell PowerVault MD3220i

$
0
0
I've recently added two 1TB disks to a PowerVault MD3220i to be used as backup storage in a RAID1 mirror. Without further ado, here are my smart-steps.

No pools, my setup here requires a new group.

Let's begin. Since I have two new hot-added disks, the software intelligent enough to recognize the situation.

Name the physical array and choose manual mode, just to be on the safe side.

RAID1, choose disks and don't forget to click on Calculate Capacity. Then, Finish.

YES we want to do it.

Capacity, name... and I map it to my host group right here and now.

We've done here. I don't want to create an other virtual disk since I've used up all my available disk space.
Wait approx. an hour till the new 1TB virtual disk gets ready. (See the green bar on the bottom?)



Windows 2012 DHCP cluster has been split - check your timeservers

$
0
0
This is the icon you definitely don't want to see on your DHCP console:




First, check your network connectivity with the partner server. If it has gone down previously the parner relationship should be restored automatically when it comes back.
Second, you likely have a time diff issue. Standardize your time setup on ALL your physical Windows servers (NOT just on your PDC emulator. No doubt. Trust me.) (and, therefore, time is getting ready on domain clients) with the following commands:

net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org,time-b.nist.gov"
w32tm /config /reliable:yes
net start w32time


No need to w32tm /resyncafter this. Time should be corrected immediately

How to remote control your domain Windows 7 computers via remote powershell and remote registry from a Windows 2012 domain controller

$
0
0
From briantist.com

If you are lucky enough to have no machines in your environment below Windows 7 / 2008 R2 (where do you work?!) then this is the only one you need. All of the settings we are using will be in Computer Configuration so if you want to disable User Configuration as I have go ahead.
  1. Create your GPO, name it what you want, place it where you want, etc.
  2. Edit your policy.

Enabling WinRM

  1. Browse to:
    Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service
    1. Open the “Allow Remote Server management through WinRM” policy setting (Server 2008 R2 and later).
    2. Open the “Allow automatic configuration of listeners” policy setting (Server 2008 and earlier).
  2. Set the Policy to Enabled.
  3. Set the IPv4 and IPv6 filters to * unless you need something specific there (check out the help on the right).

Setting the Firewall Rules

You can use the new Firewall with Advanced Features policy to configure the rule instead, but this will only work on Vista and above. Additionally, you should configure this from a Windows 7 / 2008 R2 machine because of a difference in the pre-defined rule.

  1. Browse to:
    Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall… > Inbound Rules
  2. Right click and choose “New Rule…”
  3. Choose the “Windows Remote Management” pre-defined rule.
  4. When you click next you should see the two rules that will be added.
  5. Click next, choose to Allow the connection, and then Finish.

Service Configuration

At this point we have enough in place to get this working, but I like to do a few more things to ensure that the WinRM service is configured to start automatically and to restart on failure.
  1. Browse to:
    Policies > Windows Settings > Security Settings > System Services
  2. Find the “Windows Remote Management (WS-Management)” service.
  3. Define the policy and give it a startup mode of Automatic.
  4. Browse to:
    Preferences > Control Panel Settings > Services
  5. Create a new Service preference item with the following parameters:
    1. General Tab
      1. Startup: No Change (the policy we set above will take precedence over this anyway)
      2. Service name: WinRM
      3. Service action (optional): Start service
    2. Recovery Tab
      1. First, Second, and Subsequent Failures: Restart the Service
 Whole article is here

Set powershell execution policy

Go to Computer configuration / Policies / Administrative templates: Policy definitons (ADMX files) / Windows components / Windows Powershell. Set "Turn on script execution" to "Allow all scripts". This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration." If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed." !


Remote registry access enable

1. On a domain controller, Start > administrative tools > Group Policy Editor > Either edit an existing policy or create a new one (Remember its a computer policy you need to link it to something with computers in it, if you link it to a users OU nothing will happen).
2. Navigate to, Local Computer Policy > Computer Configuration > Policies > Windows Settings > Security Settings > System Services.
3. In the right hand pane locate "Remote Registry".
4. Define the policy, and set the startup type to automatic.
Article is from petenetlive.
Viewing all 91 articles
Browse latest View live