Catalogues in XenDesktop v5.5 hide some details

 

So if you are trying to find what the original source VM for that catalogue in XenDesktop was, you can but it is ugly?

Get-ProvTask

Star looking, you can find your pool name and then the machine names, and hey presto, the MasterImage is right there:

TaskId                             : 4864f7c5-5fb7-46fc-bc05-eb6712bd051c
Active                             : False
Host                               : SYDVDI01
DateStarted                        : 18/07/2011 1:25:25 PM
Type                               : NewVirtualMachine
Metadata                           : {Citrix_DesktopStudio_DesktopCatalogId = 5, Citrix_DesktopStudio_ImagesToCopyCount
                                      = 1, Citrix_DesktopStudio_StartTime = 634465917882529544, Citrix_DesktopStudio_Ta
                                     skGroupId = c0e304b0-d5a7-41f3-8112-52eca1616465...}
WorkflowStatus                     : Completed
MasterImage                        : XDHyp:\HostingUnits\Sydney VDI\vid-7-soe-xxx.vm\Citrix_XD_xxx.snapshot
ProvisioningSchemeName             : xxx hey VDI
ProvisioningSchemeUid              : ac4a2cc8-6b19-496c-8f0d-f0cfb7c58b36
TaskState                          : Finished
TaskStateInformation               :
HostingUnitUid                     : db5fad7c-d053-47a3-85d2-f0bd8bcb715b
HostingUnitName                    : Sydney VDI
IdentityPoolUid                    : 80859e24-15b2-49dd-97b6-59738b0eb7d3
IdentityPoolName                   : POOL NAME
VirtualMachinesToCreateCount       : 5
VirtualMachinesCreatedCount        : 5
VirtualMachinesCreationFailedCount : 0
CreatedVirtualMachines             : {VDIexx004, VDIexx001, VDIePassxx003, VDIexx002...}
FailedVirtualMachines              : {}
ProvisioningJob                    : 098e166a-2ed4-45a6-808f-a02d8415ab34
ProvisioningStatus                 : Completed

XenDesktop MCS updating master

If you are using the Machine Creation Services (MCS) to created dedicated images, this does not really matter, but if you update the master and want to mint more VMs in the same catalogue (without affecting the current). This is how it works.

The MCS in XenDesktop 5.5 is pointed to a master image when a Catalogue is created. You can be pooled or dedicated:

• Dedicated virtual desktops retain all changes, software installations, local data, in a local difference disk.
• Pooled Catalogue virtual desktops do not retain changes, the difference disk is reset upon reboot.

When using pooled desktops, the base image can be updated allowing changes from the master disk to be replicated to the deployed VMs, providing for centralised patch and application management. Each deployed image, whether pooled or dedicated, will also contain an identity disk.

Master Image - Once a master image is identified (when the catalogue is created), a private-use clone of the VMDK is created for use by all the catalogue machines.

This cloned disk is separate from the Master Image VM, allowing that VM to be updated or deleted with no impact on the deployed virtual desktops.

This master image clone is copied to each VMware Data-store automatically.

Each catalogue is linked to its own master image clone. If multiple catalogues are defined, then multiple master clones will be generated.

A master image can be changed to a different disk using the following command in PowerShell: Publish-ProvMasterVmImage. This will only impact new machines created in the catalogue, not existing machines already generated.

I hope this helps explain the disks under the covers.

Sources:
http://forums.citrix.com/thread.jspa?messageID=1534982
http://www.thegenerationv.com/2011/03/xendesktop-5-deep-dive-machine-creation.html

Need to change the XenDesktop network?

 

When you install XenDesktop the installer asks you the default network during the installation, and does not let you change it in the GUI, but like everything it can be done via PowerShell:

Here is the offending entry below.

So, open powershell as administrator

Add the Citrix snapins

Asnp Citrix.*

You can see all the options with.

Get-Command –Module Citrix.*

But this is what we run to get out

get-item -path XDHyp:\HostingUnits\*

PSPath                 : Citrix.Host.Admin.V1\Citrix.Hypervisor::XDHyp:\hostingunits\VDIhost
PSParentPath           : Citrix.Host.Admin.V1\Citrix.Hypervisor::XDHyp:\hostingunits
PSChildName            : VDIhost
PSDrive                : XDHyp
PSProvider             : Citrix.Host.Admin.V1\Citrix.Hypervisor
PSIsContainer          : True
HostingUnitUid         : e1bd6ca2-a30b-40b1-8200-518e262da208
HostingUnitName        : VDIhost
HypervisorConnection   : MelbVDI
RootPath               : XDHyp:\Connections\MelbVDIm.d\M C P.cluster\VDI.res
                         ourcepool
RootId                 : resgroup-6718
NetworkPath            : XDHyp:\Connections\MelbVDI\m.d\M C P.cluster\VDI.res
                         ourcepool\VM Network.network
NetworkId              : Network:network-82
Storage                : {XDHyp:\Connections\MelbVDI\Melbourne.datacenter\M C P.cluster\VDI.re
                         sourcepool\MEL-T3-VMDK01.storage, XDHyp:\Connections\MelbVDI\m.d\M C P.cluster\VDI.resourcepool\MEL-T3-VMDK02.storage}
VMTaggingEnabled       : True
UseLocalStorageCaching : False
Metadata               : {}

Now you know your hosting unit name and the format for the network connection format for the VMware network name look at Virtual Centre.

Then set it using the new details

set-item xdhyp:\hostingunits\vdihost -networkpath "XDHyp:\Connections\MelbVDI\m.d\M C P.cluster\VDI.resourcepool\VDI restricted network.network"

Refresh the Desktop controller and voilà

References:

http://support.citrix.com/article/CTX128057

http://fourteenninetyfour.blogspot.com/2011/06/to-change-network-interfaces-on.html

Size does matter to Active Directory

I am working on a 200,000 user AD (large by Australian standards, about 10GB) and it got me thinking of limits and scale.

Domains and Domain controllers

• There is a limit of 1,200 domain controllers due to SYSVOL FRS limits. This can be removed by moving to DFSr replication
• Each domain controller in an Active Directory forest can create 2.15 billion objects during its lifetime
• There is a limit of approximately 1 billion security identifiers (SIDs) over the life of a domain
• OU names are limited to 64 characters
• There is no limit to the depth of the OU structure
• There is no limit to the number of users or other objects per OU
• The maximum number of domains in a forest is 1200

Users and Groups

• Display names are limited to 256 characters
• Common names are limited to 64 characters
• The SAM-Account-Name attribute (pre–Windows 2000 user logon name) is 256 characters in the schema. However, for backward compatibility the limit is 20 characters
• Users, groups, and computer accounts can be members of a maximum of approximately 1,015 groups
• Groups can have millions of members, and Microsoft scalability testing reached 500 million members. Use W2K8 mode.
• The maximum recommended size for a Kerberos ticket is 65,535 bytes and when you get large tokens (think SIDHistory) this can cause issues with Sharepoint/IIS authentication.
• A limit of 999 Group Policy objects (GPOs) that you can apply to a user account or computer account

Naming and locating

• Fully qualified domain names (FQDNs) in Active Directory cannot exceed 64 characters in total length, including hyphens and periods (.) Longer DNS names are available BUT not valid in AD as resources
• NetBIOS computer and domain names are limited to 15 characters.
• Domain Name System (DNS) host names are limited to 24 characters.
• LDAP bind operations limit the distinguished name (also known as DN) of the user to 255 total characters
• Kerberos clients can traverse a maximum of 10 trust links to locate a requested resource in another domain. more than this and the attempt to access the resource fails

 

Sources: Primarily http://technet.microsoft.com/en-us/library/active-directory-maximum-limits-scalability%28WS.10%29.aspx

And other places…

Removing VMware Storage from XenDesktop 5.5

 

Have you added but need to remove storage from XD55? Well there are instructions but they are a little obtuse? Here is how I did it. I have underlined the key parts.

http://support.citrix.com/static/kc/CTX127254/help/Remove-HypHostingUnitStorage.htm

 

PS C:\> get-item -path XDHyp:\HostingUnits\*

PSPath                 : Citrix.Host.Admin.V1\Citrix.Hypervisor::XDHyp:\HostingUnits\VDIhost
PSParentPath           : Citrix.Host.Admin.V1\Citrix.Hypervisor::XDHyp:\HostingUnits
PSChildName            : VDIhost
PSDrive                : XDHyp
PSProvider             : Citrix.Host.Admin.V1\Citrix.Hypervisor
PSIsContainer          : True
HostingUnitUid         : e1bd6ca2-a30b-40b1-8200-518e262da208
HostingUnitName        : VDIhost
HypervisorConnection   : MelbVDI
RootPath               : XDHyp:\Connections\MelbVDI\M.datacenter\M C P.cluster\VDI.resourcepool
RootId                 : resgroup-6718
NetworkPath            : XDHyp:\Connections\MelbVDI\M.datacenter\M C P.cluster\VDI.resourcepool\VM Network.network
NetworkId              : Network:network-82
Storage                : {XDHyp:\Connections\MelbVDI\M.datacenter\M C p.cluster\VDI.resourcepool\melsan01:melvmdk06.storage, XDHyp:\Connections\MelbVDI\Melbourne.datacenter\M C P.cluster\VDI.resourcepool\melsan01:melvmdk07.storage, XDHyp:\Connections\MelbVDI\M.datacenter\M C P.cluster\VDI.resourcepool\MEL-T3-VMDK01.storage}
VMTaggingEnabled       : True
UseLocalStorageCaching : False
Metadata               : {}

PS C:\> remove-hyphostingunitstorage -literalpath xdhyp:\hostingunits\vdihost -StoragePath XDHyp:\"Connections\MelbVDI\M.datacenter\M C P.cluster\VDI.resourcepool\melsan01:melvmdk06.storage"

HostingUnitUid         : e1bd6ca2-a30b-40b1-8200-518e262da208
HostingUnitName        : VDIhost
HypervisorConnection   : MelbVDI
RootPath               : /M.datacenter/M C P.cluster/VDI.resourcepool
RootId                 : resgroup-6718
NetworkPath            : /M.datacenter/M C P.cluster/VDI.resourcepool/VM Network.netwo
                         rk
NetworkId              : Network:network-82
Storage                : {/M.datacenter/M C P.cluster/VDI.resourcepool/melsan01:melvmd
                         k07.storage, /M.datacenter/M C P.cluster/VDI.resourcepool/MEL
                         -T3-VMDK01.storage, /M.datacenter/M C P.cluster/VDI.resourcep
                         ool/MEL-T3-VMDK02.storage}
VMTaggingEnabled       : True
UseLocalStorageCaching : False
Metadata               : {}

Quick refresh in Citrix Desktop Studio and you will see they are gone. 

Citrix Client version from a VBS

 

Dim WshShell, objFSO, strOCXLocation, strICAVersion

Set WshShell = WScript.CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
strOCXLocation = WshShell.RegRead("HKCR\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32\")
strICAVersion = objFSO.GetFileVersion(strOCXLocation)
Wscript.echo strICAVersion

 

Enough said.

 

Original article: http://support.citrix.com/article/CTX229784

Need to run an Oracle server in a VDI session?

 

Why, is a different questions, but if you do you will know about the listener.ora and the tnsnames.ora files that both reference the local computer name. You cant just set them to localhost.

But you can via a local GPO, startup script check them, replace them with some pre-formatted files and then pop in the local computer name and restart Oracle. Here is the VBS to do it.

PS: Yes I could use functions and subs but I didn’t so don't be a punisher. Long live the VBS batch file!

 

' Get domain, host name

Set WshNetwork = WScript.CreateObject("WScript.Network")

'WScript.Echo "Computer Name = " & WshNetwork.ComputerName

' "User Name = " & WshNetwork.UserName & vbCrLf & "Domain = " & WshNetwork.UserDomain

CompName=WshNetwork.ComputerName

DomName=WshNetwork.UserDomain

' WScript.Echo DomName &"\"& CompName

' check to see if the computer name is right

Const ForReading = 1

Set objRegEx = CreateObject("VBScript.RegExp")

objRegEx.Pattern = CompName

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.OpenTextFile("D:\oraclexe\app\oracle\product\10.2.0\server\NETWORK\ADMIN\tnsnames.ora", ForReading)

Do Until objFile.AtEndOfStream

strSearchString = objFile.ReadLine

Set colMatches = objRegEx.Execute(strSearchString)

If colMatches.Count > 0 Then

For Each strMatch in colMatches

' Wscript.Echo "found computer name: " &strSearchString & " Quiting."

' FTW quit.

Wscript.quit

Next

End If

Loop

objFile.Close

' Plan b

wscript.echo "put the files in place to update"

Set filesys=CreateObject("Scripting.FileSystemObject")

FolderLocation="D:\oraclexe\app\oracle\product\10.2.0\server\NETWORK\ADMIN\"

'wscript.echo FolderLocation & "*.prepped", FolderLocation & "*.ora"

filesys.CopyFile FolderLocation & "tnsnames.prepped", FolderLocation & "tnsnames.ora", true

filesys.CopyFile FolderLocation & "listener.prepped", FolderLocation & "listener.ora", true

set filesys=Nothing

'Stop Service

'wscript.echo "stoping"

strServiceName = "OracleServiceXE"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name ='" & strServiceName & "'")

For Each objService in colListOfServices

objService.StopService()

Next

strServiceName = "OracleXETNSListener"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name ='" & strServiceName & "'")

For Each objService in colListOfServices

objService.StopService()

Next

wscript.sleep 5000

' Update the text files with the computer name

Const ForWriting = 2

FileLocation1="D:\oraclexe\app\oracle\product\10.2.0\server\NETWORK\ADMIN\tnsnames.ora"

OldText="<servername>"

NewText=CompName

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.OpenTextFile(FileLocation1, ForReading)

strText = objFile.ReadAll

objFile.Close

strNewText = Replace(strText, OldText, NewText)

Set objFile = objFSO.OpenTextFile(FileLocation1, ForWriting)

objFile.WriteLine strNewText

objFile.Close

FileLocation2="D:\oraclexe\app\oracle\product\10.2.0\server\NETWORK\ADMIN\listener.ora"

'wscript.echo "changing" & Filelocation1 & Filelocation2 & "to " & NewText

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.OpenTextFile(FileLocation2, ForReading)

strText = objFile.ReadAll

objFile.Close

strNewText = Replace(strText, OldText, NewText)

Set objFile = objFSO.OpenTextFile(FileLocation2, ForWriting)

objFile.WriteLine strNewText

objFile.Close

' wait for the services to finish stoping from above

wscript.sleep 10000

' start them and done.

'Start Service

strServiceName = "OracleXETNSListener"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery ("Select * from Win32_Service Where Name ='" & strServiceName & "'")

For Each objService in colListOfServices

objService.StartService()

Next

'Start Service

'wscript.echo "starting"

strServiceName = "OracleServiceXE"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery ("Select * from Win32_Service Where Name ='" & strServiceName & "'")

For Each objService in colListOfServices

objService.StartService()

Next

wscript.quit

Linux Citrix Client v11

 

Go to Citrix.com, Downloads, over on the right choose the Citrix Receiver (you need to go this way as Linux is not a client if you go via standard downloads).

Download the client

GUNzip the .gz: tar xfvz linuxx86-11.xxx.tar.gz

UnTAR the tar: tar xfvz linuxx86-11.xxx.tar

Change to the folder created

Execute the install script: sudo ./setupwfc

Accept the default options

 

If you need it motif?:

sudo apt-get install libmotif4

 

If you need funky certificate support:

If you have Firefox already installed you can grab them.

sudo cp /usr/share/ca-certificates/mozilla/* /usr/lib/ICAClient/keystore/cacerts/

Is there a Command-Line Operation to change Windows 7 theme?

 

Is there a way to change themes from the command-line, without showing the "Personalization" window? The command I use right now is

Code for Classic:

rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"C:\Windows\Resources\Ease of Access Themes\classic.theme"

or if you want the search bar, code for Basic:

rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"C:\Windows\Resources\Ease of Access Themes\basic.theme"

But this makes the "Personalisation" window pop up before changing the theme. There is a VBS that can open, then kill this window.

Set WshShell = WScript.CreateObject("WScript.Shell")

WshShell.Run "rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:""C:\Windows\Resources\Ease of Access Themes\basic.theme"""

Wscript.Sleep 10000

WshShell.AppActivate("Desktop Properties")


WshShell.Sendkeys "%FC"


WshShell.Sendkeys "{F4}"

Or do this via the GPO:

Original article: http://www.sevenforums.com/themes-styles/93397-there-silent-command-line-operation-change-theme.html

Two or more local drives in XenDesktop with the MCS

 

Having used the Machine Creation Service it has a nasty habit of throwing away any additional drives you may have added to the source template VM for the VDI deployment. Take a look at the following examples…

1. A standard user with a simple, single drive and partition all looks good the original drive is maintained and a small 16MB personality disk is added by the MCS to track computer names etc.

2. But if you assign a second drive, or any other drives, apart from the first disk the MCS discards this and the new VDI computer does not have any other drives apart form the C: and the personality disk (which BTW has no drive letter assigned).

3. But if you want two or more disks, assign the extra space, using Windows 7 it will see the space and allow you to use it directly and create a new partition. Windows XP can two but if you want to expand the disk (within just c: – which is not what we are talking about here) you need a W7 boot disk to easily do this.

XenDesktop 5 and Windows 7 Default Profile

First, Create the base image, and base application installs.

Second, configure the applications, Desktop, Start menu and any other settings you want every new user to get.

Third, Create a new Local Administrator user account. Note that step two HAS to be done with a LOCAL user. Once everything is set the way you want, login with the new user account. Browse to C:\Users\ Rename "Default" to "Default-OLD" or whatever makes sense to you. Then make a copy of the first Administrator's account folder. Once it has successfully copied Rename it to "Default".

Fourth, Run Sysprep… Yeah I know it is a pain, but so far this is the only way to really make this work every time. To run sysprep logout of the Second Administrator's account and back in to the First. Disable the Second Admin account, and Delete the Users Profile. Now browse to c:\windows\system32\sysprep\ Run sysprep leaving all defaults.

Fifth, Run back through the Windows 7 Setup wizard and you are all set, don't forget to join it to the domain.

Now all you have to do is run the update wizard within XenDesktop 5.

Thanks for reading, Lawrence

Original: http://blog.ntcrash.biz/2011/04/29/xendesktop-5-and-windows-7-default-profile/

Removing the DigiNotar certificates

 

Due to the confusion, lack of transparency, and the potential risk from some 200+ root level domains having had fresh fraudulent certificates created I have gone through and removed DigiNotar from Firefox and Windows whenever I can. This is how.

You will see in IE you cant just delete it like in Firefox, see below

But you can open the MMC, open the Certificate management console, open the local machine and delete it here.

In Firefox it is straight forward.

Citrix XenDesktop changing from Eval to prod licence

 

Maybe everyone else knows about this, but I wanted to change from the 30 day XenDesktop Express edition licence to the production licence. And Citrix have made it really easy, if you notice that little button up the top right.

Sweet.

EdgeSight Error: 'Service Unavailable'

 

EdgeSight Error: 'Service Unavailable' after reboot from initial installation (CTX126899)

When attempting to access the EdgeSight console

Not: If you attempt to stop and restart the rsshadmin and rsshapp services, an incorrect logon message appears and the service fails to start.

True: In the IIS management console, the EdgeSight Application Pool might be in a stopped state.. The Application Pool starts successfully but reverts to a stopped state after a few seconds.

Resolution
Tried this: Re-type the logon credentials for the rsshasdmin and rsshapp services.
Tried this: Re-type the logon credentials used for the EdgeSight Application Pool identity.
Tried this: Add the EdgeSight Application Pool identity logon account to the EdgeSight server local IIS_IUSRS group.
Tried this: Restart the EdgeSight server.

Turned out the service account was blocked via a GPO from ‘logon as a batch job’. Once the policy was updated and replayed it worked fine.

This is the event viewer that found the problem.

XenDesktop 5 unable to connect to vSphere

 

• The error when connecting:

New-Item -Path 'xdhyp:\connections' -Name 'Melbourne VDI' -HypervisorAddress @('https://youFWDN/sdk') -ConnectionType 'VCenter' -Username 'vdiadmin' -Password '********' -AdminAddress 'localhost'

New-Item : The hypervisor was not contactable at the supplied address.
    + CategoryInfo : InvalidOperation: (:) [New-Item], InvalidOperationException
    + FullyQualifiedErrorId : Citrix.XDPowerShell.HostStatus.HypervisorNotContactable,Microsoft.PowerShell.Commands.NewItemCommand

New-Item : The hypervisor was not contactable at the supplied address.
    + CategoryInfo : InvalidOperation: (:) [New-Item], InvalidOperationException
    + FullyQualifiedErrorId : Citrix.XDPowerShell.HostStatus.HypervisorNotContactable,Microsoft.PowerShell.Commands.NewItemCommand

• If you open IE and try and connect to:

'https://youFWDN/sdk' – You get a certificate error.

You try an follow the instructions but are missing some details on the ‘local computer’ option. From: http://forums.citrix.com/thread.jspa?threadID=278523

“Open Internet Explorer and enter the address of the vSphere server as https://FQDN of the vSphere server
Accept the security warnings.
Click the Certificate Error in the Security Status bar and select View certificates.
Click Install certificate, and then click Next.
Select Place all certificates in the following store, and then click Browse.
Select the Show physical stores check box. (at the bottom of the dialog)
Expand Trusted People and select Local Computer.
Click OK, and then click Finish.”

• But you don't see the ‘Local Computer”

• The solution is you are on a W2k8 R2 server so run IE as Administrator and you can then add the cert to the Trusted People, Local Computer.

Solved !

• Restart IE, go to the URL, no error then go back to XenDesktop.

XenDesktop Delivery Controller and vSphere 4.1 (certs issue)

 

XenDesktop Delivery Controller and vSphere 4.1

vCenter HTTPS Access

1. On the vCenter server browse to Program Files (x86)\VMware\Infrastrutuce\VIUpdate 4.0\SSL  (W2K8r2) and copy the rui.crt to your XenDesktop DDC(s) (and provisioning server if used)
2. Open an MMC and the Certificates snap-in to manage Certificates for the Computer Account on the XenDesktop DDC/PS(s)
3. Expand Certificates > Trusted Root Certificates > Certificates and import the trusted root certificate for the SSL certificate copied from the vCenter server in step 1. 
1. Also import the certificate to the Trusted People Store.
4. Create a host file entry or DNS entry for vmware pointing to your vCenter server
5. In the Hosting Infrastructure section when creating a desktop group on the XenDesktop DDC (or PS) when the running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter https://youvmwareserver/sdk for the Virtual Center address.

 

 

Updated and based on this: http://jariangibson.com/2009/10/13/using-xendesktop-with-vmware/

Copy XenServer to USB for installation

 

I used XenServer version 5.6.

1. Format USB key with Fat32
2. Ubuntu comes with “syslinux” (or download it from source) http://syslinux.zytor.com/wiki/index.php/Download
3. Type mount to see where the USB is mounted
4. Run ‘syslinux.exe /mnt/somewhere ‘ replacing with the mount point of the USB
5. Copy the contents of the extracted “XenServer-5.X.X-install-cd” folder to the root of the USB
6. On the USB drive, copy the contents of the /boot/isolinux folder to the root of the USB
7. On the root of USB drive, rename the ‘isolinux.cfg’ file to ‘syslinux.cfg’
8. On the root of USB drive, rename the ‘isolinux.bin’ file to ‘syslinux.bin’
9. If you get an “mboot.c32: not a COM32R image” error, (version 4.x of syslinux) copy the mboot.c32 from your downloaded copy of syslinux to the root of your USB drive

BPOS has lost the licences

 

Yesterday there were 3000, today 50… Lets wait and see.

W2K8 R2, AD Recycle bin and FIM

 

Turned on the Active Directory only to find out the FIM (Forefront Identity Manager) has not stoped synchronising some objects? Well fear not, they are in sync, but to the trash folder!

Below shows an object that is in sync, but to the delete item. There is a hotfix for it that installs on the DC. KB979214 is the patch.

Here is the KB article:

Consider the following scenario:

You enable the Active Directory Recycle Bin feature in a Windows Server 2008 R2-based domain.
You delete an object from Active Directory Domain Services (AD DS). For example, assume that you delete a user account.
You modify an object that has a relationship to the recently deleted object.
You perform an Active Directory directory synchronization (DirSync) control search to poll for the Active Directory changes in this domain.

In this scenario, the DirSync control search does not return the deactivated linked attributes from the modified object. Therefore, you cannot replicate these changes back to another database if you try to synchronize Active Directory Domain Services (AD DS) and another database.

For example, assume that you delete a user account that has the "testuser" name, and assume that this user account is a member of a group that has the "testgroup" name. Then, assume that you verify that the "testgroup" group does not include the "testuser" user account in the Active Directory Users and Computers window. In this scenario, a DirSync control search that polls for the Active Directory changes and for the request deactivated links cannot detect that the "testuser" account is joined to the "testgroup" group as an inactive member. Additionally, the "testgroup" group in another database does not include the user account "testuser" if you use the returned results from the DirSync control to synchronize Active Directory Domain Services (AD DS) and another database.

CAUSE
The Active Directory directory synchronization (DirSync) API functions do not identify the deactivated linked attributes correctly. This behavior causes the deactivated links not to be returned in the DirSync control search.

RESOLUTION
Hotfix information
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

For all supported x64-based versions of Windows Server 2008 R2
File name    File version    File size    Date    Time    Platform
Ntdsa.mof    Not applicable    227,765    10-Jun-2009    20:34    N/A
Ntdsai.dll    6.1.7600.20621    2,721,280    19-Jan-2010    10:29    x64

What an Active Directory AS-Built Document should contain

 

Table of Contents

1. Executive Summary

1.1. Domain Controllers Summary

2. ServerNameHere01

2.1. System Information

2.2. System BIOS Information

2.3. Operating System Information

2.4. Network Information

2.5. Processor Information

2.6. Disk Information

2.7. Programs Installed

2.8. Patches Installed

2.9. Roles and Features Installed

2.10. Local Administrator Group

2.11. Network Shares

2.12. Windows Services

3. NextServerNameHere01

etc

10. Directory Artefacts

10.1. SID History

10.2. Password Synchronisation

11. Scheduled tasks

11.1. Daily Tasks and Their Importance

11.2. Weekly Monitoring Tasks

11.3. Monthly Monitoring Tasks

12. Backup

12.1. What to backed up

12.2. Backup process

13. SQL Databases

14. Interdependencies

14.1. Consumers of Active Directory

15. Maintenance

15.1. System maintenance window

15.2. AD-Hoc

15.3. Planned events

15.4. Periodical operational tasks (daily, monthly, weekly etc)

15.5. System start-up procedure

15.6. System shut-down procedure

15.7. System restart procedure

16. Known Support Issues

16.1. Manually running a SYNC from the FIM server

17. System diagnostics

What an Active Directory design should contain

 

Table of Contents from my last AD Design, just over 50 pages.

1. Executive Summary

1.1. Key Objectives

1.2. Assumptions

1.3. Future Environment

1.4. Current Environment

1.5. Existing MetaDirectory Services

2. Active Directory Domain Services (AD DS)

2.1. Overview

2.2. Design Decisions

2.3. Hardware

2.4. Software

2.5. Forests

2.6. Schema

2.7. Domains

2.8. NetBIOS name

2.9. Trusts

2.10. Active Directory and DNS

2.10.1. Active Directory Integrated DNS

3. Active Directory Services

3.1. Domain Controllers

3.2. Read-Only Domain Controllers

3.3. Global Catalogue Servers

3.4. FSMO Roles

3.5. DNS Services

3.6. WINS Services Placement

3.7. DHCP Services Placement

3.8. Time Support

3.9. Forest and Domain Functional Levels

3.9.1. Domain Functional Levels

3.9.2. Forest Functional Levels

3.10. Legacy Clients

3.11. Non-Windows Clients

3.12. Federation services

4. Active Directory Organisational Unit Design

5. Active Directory Administration Design

6. Group Policy Design

7. Active Directory Site and Replication Design

7.1. Replication Overview

7.1.1. Intra-Site Replication

7.1.2. Inter-Site Replication

7.2. Site Link Bridges

7.3. SMTP Replication

7.4. SYSVOL Distributed File System Replication (DFS)

7.5. SYSVOL File Replication Service (FRS)

8. Active Directory User Account Policy

8.1. Service accounts

9. Certificate Services

10. Active Directory Auditing

11. Microsoft Key Management Services (KMS)

12. Naming Standards

13. WAN Diagram

13.1. Active Directory

13.2. SYSVOL

13.3. DHCP/WINS

14. Test Success Criteria

Appendix A. Acceptance

Appendix B. Server Specifications

Appendix C. Anti-virus Exclusions

Appendix D. Sources

Appendix E. Definitions

Convert MKV to AVI on linux

 

I recently wanted to convert some of my 720p and 1080p Matroska Video (MKV) files to the Xvid format so that I can play them on my PS3. The video quality and Dolby Digital 5.1 audio would remain intact, and was pleased to get the job done with mencoder.

In the following example, I decided to use a single pass, fixed quantizer value of 4. The audio will simply be copied.

mencoder movie.mkv -channels 6 -ovc xvid -xvidencopts fixed_quant=4 -vf harddup -oac copy -o movie.avi

 

Original article: http://savvyadmin.com/convert-mkv-to-xvid-with-mencoder/

Fuppes on Natty 64bit (11.04)

 

sudo apt-get install ffmpeg build-essential \
libavutil-dev libavformat-dev libavcodec-dev \
subversion libtool libsqlite3-dev libpcre3-dev \
libxml2-dev libpcre3-dev pkg-config

Install fuppes from source

get the latest fuppes sources, unpack them and change in the fuppes directory
$ gunzip fuppes*
$ tar -xvf fuppes*
$ cd fuppes*

configure the source
$ ./configure
$ make

to install fuppes run (as root)
$ sudo make install

try and run it, you may get this error…

$ fuppes
fuppes: error while loading shared libraries: libfuppes.so.0: cannot open shared object file: No such file or directory

if so, run:
$ sudo ldconfig

Try again:
$ fuppes

Now go and configure the conf file.

"Not enough storage is available to complete this operation"

 

Clients not logging on correctly? Not mapping drivers, not running GPOs and GPPs. specifically after a domain migration or SIDmigration.

The following Warning message may be logged in the System log on the client computer:

Event Type: Warning
Event Source: Kerberos
Event Category: None
Event ID: 6

Description:
The kerberos SSPI package generated an output token of size 36E7 bytes, which was too large to fit in the 36D3 buffer provided by process id 0. If the condition persists, please contact your system administrator.

This problem occurs because the Kerberos token that is generated during authentication is more than the fixed maximum size. In the original release version of Microsoft Windows 2000, the default value of the MaxTokenSize registry entry was 8,000 bytes. In Windows 2000 with Service Pack 2 (SP2) and in later versions of Windows, the default value of the MaxTokenSize registry entry is 12,000 bytes.

For example, if a user is a member of a group either directly or by membership in another group, the security ID (SID) for that group is added to the user's token. For a SID to be added to the user's token, the SID information must be communicated by using the Kerberos token. If the required SID information exceeds the size of the token, authentication is unsuccessful.
 
To resolve this problem, increase the Kerberos token size. To do this, follow these steps on the client computer that logs the Kerberos event.

    Click Start, click Run, type regedit, and then click OK.
    Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Note If the Parameters key is not present, create the key. To do this, follow these steps:
        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
        On the Edit menu, point to New, and then click Key.
        Type Parameters, and then press ENTER.
    On the Edit menu, point to New, and then click DWORD Value.
    Type MaxTokenSize, and then press ENTER.
    On the Edit menu, click Modify.
    In the Base area, click Decimal, type 65535 in the Value data box, and then click OK.

Note The default value for the MaxTokenSize registry entry is a decimal value of 12,000. We recommend that you set this registry entry value to a decimal value of 65,535. If you incorrectly set this registry entry value to a hexadecimal value of 65,535, Kerberos authentication operations may fail. Additionally, programs may return errors.

For more information, click the following article number to view the article in the Microsoft Knowledge Base: 297869  (http://support.microsoft.com/kb/297869/ ) SMS administrator issues after you modify the Kerberos MaxTokenSize registry value
    Exit Registry Editor.
    Restart the computer.

For more information about how to use the Tokensz tool to compute the maximum token size, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?familyid=4A303FA5-CF20-43FB-9483-0F0B0DAE265C&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=4A303FA5-CF20-43FB-9483-0F0B0DAE265C&displaylang=en)
For more information about how to address problems that occur because of access token limitations, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=22dd9251-0781-42e6-9346-89d577a3e74a&DisplayLang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=22dd9251-0781-42e6-9346-89d577a3e74a&DisplayLang=en)
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
327825  (http://support.microsoft.com/kb/327825/ ) New resolution for problems with Kerberos authentication when users belong to many groups
263693  (http://support.microsoft.com/kb/263693/ ) Group Policy may not be applied to users belonging to many groups

 

Original article: http://winad.epfl.ch/core/index.asp?article=159

Microsoft Standalone System Sweeper Beta–Rootkit remover

 

You have been directed here to download and install the beta version of Microsoft Standalone System Sweeper Beta, a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware. In addition, Microsoft Standalone System Sweeper Beta can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC.

Microsoft Standalone System Sweeper Beta is not a replacement for a full antivirus solution providing ongoing protection; it is meant to be used in situations where you cannot start your PC due to a virus or other malware infection. For no-cost, real-time protection that helps guard your home or small business PCs against viruses, spyware, and other malicious software, download Microsoft Security Essentials*.

To get started, make sure that you have a blank CD, DVD, or USB drive with at least 250 MB of space.

Download 32-bit version download 64-bit version

Should I download the 32-bit or 64-bit version?

Dead sections of screen on 11.04 Natty

 

I had a weird problem that sections of the screen, small section a few centre meters wide were dead to the mouse, you could not click on them, could not use the mouse track wheel to go up or down pages if the mouse was over them.

They still had video but were dead to the mouse.

Tried compwiz settings, video settings, drivers, nothing but then:

from my home folder:

rm -r .gnome .gnome2 .gconf .gconfd

and a quick init 6 and happy again.

odd.

Is the Length of an Email Address Limited? If Yes, What is the Maximum?

 

Question: Is the Length of an Email Address Limited? If Yes, What is the Maximum?
Answer:

Yes, the maximum length of an email address is 256 characters.

Every email address is composed of two parts. The local part comes before the '@' sign, and the domain part follows it. In "user@example.com", the local part is "user", and the domain part is "example.com".

The

  local part must not exceed 64 characters and
  the domain part cannot be longer than 255 characters;
  the total combined length of all characters (including '@' and punctuation) must not exceed 256 characters.

In sum, an email address can be 256 characters long at most. When you create an address, make sure your user name has less than 65 characters.

 

 

By Heinz Tschabitscher, About.com Guide
http://email.about.com/od/emailbehindthescenes/f/address_length.htm

Enable FIM 2010 and PCNS logging

 

Diagnostics and maintenance

Whenever a password change operation completes, the history is saved in the FIM Synchronisation Service database in SQL Server. Because a large number of password change operations can increase the size of the database, it is recommended that you save and clear the password change history on a regular basis to limit performance issues on the server running SQL Server. For information about clearing the password change history, see the FIM Developer Reference.

Both FIM and the PCNS use the Application log to record activity and failure events. For learning about password synchronisation, it is recommended that you set the logging level to high and monitor the Application log closely during the initial configuration and rollout of password synchronisation.

For FIM, there are four logging levels that are controlled by adding the FeaturePwdSyncLogLevel (REG_DWORD) entry to the following registry subkey:

      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FIMSynchronizationServices\Logging

• 0 = Minimal Logging
• 1 = Normal logging (default)
• 2 = High logging
• 3 = Verbose logging

For PCNS, there are four logging levels that are controlled by adding the EventLogLevel (REG_DWORD) entry to the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PCNSSVC\Parameters

• 0 = Minimal Logging
• 1 = Normal logging (default)
• 2 = High logging
• 3 = Verbose logging
  

Does not always seem to work without a reboot.

 

Hat-tip: http://certsrv.ru/fim2010.en/html/9537ebeb-80bb-4389-9538-1b65302b70eb.htm

PCNFCFG deleteTarget /N:name & Error deleting the target

 

pcnscfg list shows a target which is wrong but cannot be changed or deleted.

Error message from pcnscfg: Error deleting the target. The target was not found.

This target listed causes PCNS to target this server to sent the passwords to but it can't find it and gives me a 6025 error in eventviewer.

Open ADSIEDIT.MSC

Open the domain, select new Query

Name the query, the query string is ObjectClass=MS-MIIS-PCNS-Target

Find the target, right click and delete.

Restart PCNS and try again.

Hat-tip: http://social.technet.microsoft.com/Forums/en/identitylifecyclemanager/thread/80e13fb6-a09d-4bfa-b70f-e664ec4c0074

Error: The zone cannot be created. A conditional forwarding zone already exists for that name.

 

I tried to create a secondary DNS zone, but I received the following error: The zone cannot be created. A conditional forwarding zone already exists for that name.

• Connect to the domain controller.
• Go to Start > Run > Dnsmgmt.msc
• Point to the server’s name > Properties > Forwarders ,and remove the domain  that you are trying to create the secondary DNS zone.
• Re-create the zone from the start.

Thanks to: http://vvirtual.wordpress.com/2010/09/28/error-the-zone-cannot-be-created-a-conditional-forwarding-zone-already-exists-for-that-name/

User account control settings (kb305144)

 

The following table lists possible flags that you can assign. The flags are cumulative. To disable a user's account, set the UserAccountControl attribute to 0x0202 (0x002 + 0x0200). In decimal, this is 514 (2 + 512).

 

Property flag	Value in hexadecimal	Value in decimal
SCRIPT	0x0001	1
ACCOUNTDISABLE	0x0002	2
HOMEDIR_REQUIRED	0x0008	8
LOCKOUT	0x0010	16
PASSWD_NOTREQD	0x0020	32
PASSWD_CANT_CHANGE * You cannot modify	0x0040	64
ENCRYPTED_TEXT_PWD_ALLOWED	0x0080	128
TEMP_DUPLICATE_ACCOUNT	0x0100	256
NORMAL_ACCOUNT	0x0200	512
INTERDOMAIN_TRUST_ACCOUNT	0x0800	2048
WORKSTATION_TRUST_ACCOUNT	0x1000	4096
SERVER_TRUST_ACCOUNT	0x2000	8192
DONT_EXPIRE_PASSWORD	0x10000	65536
MNS_LOGON_ACCOUNT	0x20000	131072
SMARTCARD_REQUIRED	0x40000	262144
TRUSTED_FOR_DELEGATION	0x80000	524288
NOT_DELEGATED	0x100000	1048576
USE_DES_KEY_ONLY	0x200000	2097152
DONT_REQ_PREAUTH	0x400000	4194304
PASSWORD_EXPIRED	0x800000	8388608
TRUSTED_TO_AUTH_FOR_DELEGATION	0x1000000	16777216

Note In a Windows Server 2003-based domain, LOCK_OUT and PASSWORD_EXPIRED have been replaced with a new attribute called ms-DS-User-Account-Control-Computed.

Property flag descriptions

· SCRIPT - The logon script will be run.

· ACCOUNTDISABLE - The user account is disabled.

· HOMEDIR_REQUIRED - The home folder is required.

· PASSWD_NOTREQD - No password is required.

· PASSWD_CANT_CHANGE - The user cannot change the password.

· ENCRYPTED_TEXT_PASSWORD_ALLOWED - The user can send an encrypted password.

· TEMP_DUPLICATE_ACCOUNT - This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. This is sometimes referred to as a local user account.

· NORMAL_ACCOUNT - This is a default account type that represents a typical user.

· INTERDOMAIN_TRUST_ACCOUNT - This is a permit to trust an account for a system domain that trusts other domains.

· WORKSTATION_TRUST_ACCOUNT - This is a computer account for a computer that is running Windows NT 4.0, Windows 2000 and is a member of this domain.

· SERVER_TRUST_ACCOUNT - This is a computer account for a domain controller that is a member of this domain.

· DONT_EXPIRE_PASSWD - Represents the password, which should never expire on the account.

· MNS_LOGON_ACCOUNT - This is an MNS logon account.

· SMARTCARD_REQUIRED - When this flag is set, it forces the user to log on by using a smart card.

· TRUSTED_FOR_DELEGATION - When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service. To enable a service for Kerberos delegation, you must set this flag on the userAccountControl property of the service account.

· NOT_DELEGATED - When this flag is set, the security context of the user is not delegated to a service even if the service account is set as trusted for Kerberos delegation.

· USE_DES_KEY_ONLY - (W2K/W2K3) Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.

· DONT_REQUIRE_PREAUTH - (W2K/W2K3) This account does not require Kerberos pre-authentication for logging on.

· PASSWORD_EXPIRED - (W2K/W2K3) The user's password has expired.

· TRUSTED_TO_AUTH_FOR_DELEGATION - (W2K/W2K3) The account is enabled for delegation. This is a security-sensitive setting. Accounts with this option enabled should be tightly controlled. This setting allows a service that runs under the account to assume a client's identity and authenticate as that user to other remote servers on the network.

UserAccountControl values

These are the default UserAccountControl values for the certain objects:
Typical user : 0x200 (512)
Domain controller : 0x82000 (532480)
Workstation/server: 0x1000 (4096)

An Important Message from Dell Australia

Dell's global email service provider, Epsilon, recently informed us that their email system was exposed to unauthorised entry. As a result, your email address, and your first name and last name may have been accessed by an unauthorised party. Epsilon took immediate action to close the vulnerability and notify US law enforcement officials.

Whilst no credit card, banking or other personally identifiable information was involved, we felt it was important to let you know that your email address may have been accessed. While we hope that you will not be affected, we recommend that you be alert to suspicious emails requesting your personal information.

To help protect your personal information online we recommend that you do not provide any sensitive information through email, or open emails from senders you do not know. Dell will never ask for your financial information through email.

Dell takes its commitment to protecting customer data very seriously and has notified the Australian Privacy Commissioner and ACMA (Australian Communications and Media Authority). Dell continues to work closely with regulatory bodies and manage customer concerns.

We sincerely regret that this incident has taken place and we will continue to work with Epsilon to ensure that all appropriate measures are taken to protect your personal information.
Please contact us at anz_cust_serv@dell.com should you have any questions.
Sincerely

Deborah Harrigan
Dell Consumer and Small Business Executive Director
Dell Australia Pty Limited

Not an executable when running Regsvr32.exe on 64-Bit Windows

 

When you attempt to run Regsvr32.exe to register a 32-bit dynamic-link library (DLL) on a 64-bit version of Windows, you receive the following error message:
Filename.dll is not an executable file and no registration helper is registered for this file type.

This behaviour occurs because the Regsvr32.exe file in the System32 folder is a 64-bit version. When you run Regsvr32 to register a DLL, you are using the 64-bit version by default.

To resolve this issue, run Regsvr32.exe from the %SystemRoot%\Syswow64 folder. For example, type the following commands to register the DLL:

cd \windows\syswow64
regsvr32 c:\filename.dll

Paypal? http://www.dunavland.com/paypal.com/

 

Dear Valued Customer,

Your PayPal account was limited! For your security, we need to make sure that your PayPal account is protected. Please click the link below to confirm your account information.

Update Now

What is the problem?

Our system has detected unusual charges to a credit card linked to your PayPal account.

Case ID Number: PP-001-180-753-943

 

Just a reminder:

· Never share your password with anyone.

· Do not use a public computer to access your PayPal account.

Thanks,

PayPal.

 

Help Center | Security Center

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link in the top right corner of any PayPal page.
To receive email notifications in plain text instead of HTML, update your preferences.

Copyright ©2011 PayPal, Inc. All rights reserved.

PayPal Email ID PP1263

Back in time

 

Funny how you can go from customer to customer, and here you are again…

• Timeframes that are impossible (for them)
• Customer who think they can keep up
• Old services which are unstable
• Managers who are hamstrung
• Technology that is untested
• Staff who are apathetic
• Network that is failing
• Patches on band aids

But we need to move X to Y because of Z, so lets give it a red-hot-go…

What could go wrong?

Invert text in a cell

 

If cell A1 contains:
microsoft excel

The formula/function in cell B1:
=ReverseCell(A1,TRUE)

returns:
lecxe tfosorcim

 

Please TEST this FIRST in a COPY of your workbook (always make a backup copy before trying new code, you never know what you might lose).

Adding the Macro
1. Copy the below macro, by highlighting the macro code and pressing the keys CTRL+C
2. Open your workbook
3. Press the keys ALT+F11 to open the Visual Basic Editor
4. Press the keys ALT+I to activate the Insert menu
5. Press M to insert a Standard Module
6. Paste the code by pressing the keys CTRL+V
7. Press the keys ALT+Q to exit the Editor, and return to Excel.

Code:

Option Explicit
Function ReverseCell(Rcell As Range, Optional IsText As Boolean)
'http://www.ozgrid.com/VBA/ReverseCell.htm
'Enter the function like this for text:
'=Reversecell(A1,TRUE)
'Or either of the ways below for numeric data
'=Reversecell(A1,FALSE)
'=Reversecell(A1)
'
Dim i As Integer
Dim StrNewNum As String
Dim strOld As String
strOld = Trim(Rcell)
For i = 1 To Len(strOld)
  StrNewNum = Mid(strOld, i, 1) & StrNewNum
Next i
If IsText = False Then
  ReverseCell = CLng(StrNewNum)
Else
  ReverseCell = StrNewNum
End If
End Function

 

 

Came from : http://excel.bigresource.com/Track/excel-cBcjrDfS/ thanks !

We are writing this letter on behalf of x-y-z Inc

 

Dear x y z Administrator:

We are writing this letter on behalf of x y z Inc., ("x y zPictures") who owns certain rights under copyright law in the title x y z.

You are receiving this notice because your Internet account was identified as having been used recently to copy and/or distribute illegally the copyrighted motion pictures and/or television shows listed at the bottom of this notice. This notice provides you with the information you need in order to take immediate action that can prevent serious legal and other consequences. These actions include:

1. Stop downloading or uploading without authorization any motion pictures or TV shows owned or distributed by x y z ; and

2. Permanently delete from your computer(s) all unauthorized copies you may have already made of these movies and TV shows.

If this notice is being received by an Internet Service Provider (ISP), please forward the notice to the individual associated with the activities.

The unauthorized distribution or public performance of copyrighted works constitutes copyright infringement under the Copyright Act, Title 17 U.S Code Section 106(3)-(4). This conduct may also violate the Berne Convention for the Protection of Literary and Artistic Works and The Universal Copyright Convention, as well as bilateral treaties with other countries that allow for protection of x y z copyrighted works even beyond U.S borders.

Copyright infringement also violates your ISP’s terms of service and could lead to limitation or suspension of your Internet service.  You should take immediate action to prevent your Internet account from being used for illegal activities.

An MPAA website, www.respectcopyrights.org, offers step-by-step instructions to ensure that your Internet account is not being used to violate the copyright laws.  Also, the site can point you to an array of legal choices for enjoying movies and TV shows online. You can also learn there how theft of motion pictures and TV shows damages our economy and costs thousands of Americans their jobs.

Please contact us at the above listed address or by replying to this email should you have any questions.

We are providing this notice based on our good faith belief that the use of motion pictures and television programs owned by x y z Industries Inc. in the manner complained of is not authorized by the copyright owners, their agents, or the law.  The information in this notification is accurate. Under penalty of perjury, we are authorized to act on behalf of the owners of the exclusive rights that are being infringed.  This letter is without prejudice to the rights and remedies of Columbia Pictures, all of which are expressly reserved.

We appreciate your assistance and thank you for your cooperation in this matter.  In your future correspondence with us, please refer to Case ID x y z.

Your prompt response is requested.

Respectfully,

D. Brewer
Enforcement Coordinator
Peer Media Technologies, Inc.
copyrightqs@mediasentry.com

------------------------------

INFRINGEMENT DETAIL
--------------------

Infringing Work: x y z
First Found: 31 Jan 2011 03:08:14 EST (GMT -0500)
Last Found: 31 Jan 2011 03:08:14 EST (GMT -0500)
IP Address: x y z
IP Port: 51413
Protocol: BitTorrent
Torrent InfoHash: x y z
Containing file(s):
x y z .[x y z.com].torrent (x y z bytes)

Don't run with five Active Directories, it helps no one

 

The group of companies have had some level of manual Active Directory integration for the last three years but with the appointment of … this program has been accelerated to better make use of the environment. Currently user population suffer from a series of issues which hinder business and irritate users:

1. Duplicated logons across several systems (Network, business applications)

2. No common and automatic contact list/GAL across the group of companies

3. No simple way to share files on file servers

4. A lack of a central and organisation based … services

5. No free-busy calendar outside of each specific organisation.

These issues make work harder and less efficient then it can be with double handling by user support and data management teams. To address these issues the general plan for organisation consolidation seeks to target the following:

1. A single and consistent contact list/GAL across all organisations

2. Simple and common shared folders and files

3. A single Intranet across the group of organisations with the ability to host general and specific business information

4. Common email platform across all users while maintaining the organisational persona for external email

5. Free-busy across all users

6. Movement to a common Office365/BPOS messaging system.

Over and above these the users are able to share a common internal environment with a common logon experience and desktop look and feel.

Snakes on a plane; ahem Snakes on a phone

 

Where is the middle ground?

 

An average of about 3Kb, but a peak of 7.6Mb...

VDI is so simple

 

I don't know why everyone doesn't do it. At least we have a grip on it…

Agenda to review VDI rollout

 

Understanding the design goals for VDI (Customer)

Understanding the Datacentre/storage/ESX and servers (Customer)

 

Keys to VDI (Vendor)

The current physical desktop

Optimising the desktop for VDI

Application deployment (XenDesktop, Xenapp, Streams and in-gold-image)

Printing, logon scripts and other scripts

Home folders, USB, drive redirection

Profile Manager

Persistent verses non-persistent desktops

 

VMware details

DR, HA, DRS, VMotion

Clusters locations, and replication

Building out production

Keep and upgrade or Rip and replace pilot

VDI went live

Well, it has been two months work (one month for two TC's and a PM) but we went live with VDI for the first 150 users, 4500 to go.

The solution is based on 6 x (2 x 6 CPU AMD), VMware servers in a cluster with HR/DRS and it is smoking fast. There are two more servers acting as provisioning and file services with the same specifications. We are planning on about 10 users per-core and need storage to suite.

The OS is Windows 7 32-bit, Adobe CS5, Office 2007, Java, Flash, Shockwave, Silverlight. It has 30GB C-Drive and a 10GB D-Drive. Each VDI session gets 3GB of RAM and a .5GB swap file. To use it is just like the first logon to a new W7 computer and usage and screen is great, again just like hardware.

Application are native, streamed in if they start in about or less then 1 minute to start and Traditional Citrix servers for problematic apps.

There were lots of little problems to address, such as: VMxnet drivers, SOE look and feel, Printers, bad apps, slow apps, java apps, dealing with image revisions, Windows 7 firewall, networking, building it twice on two hardware platforms just to name a few.

But it looks great in production.

Transfer your Ubuntu application packages to a clean install

Transfer your packages to a clean install
5/01/2010 by Tyler James

With all the new installs of Ubuntu and clean upgrades going on right now, I thought I'd point out a few great ways to package up the apps you have currently and prepare them for a clean Ubuntu install. This can be useful if you're installing the same applications on a number of computers, or simply know exactly all of the programs you need and want to preserve this for a clean install. There's two great ways to do this, one which works well on computers with an internet connection, and one which works great when you don't have a connection.

Method #1
The first method works off of a little command line utility called Dpkg-Repack, which can be used to repackage any apps installed from apt into a deb, which can then be installed cleanly anywhere. With a little terminal-fu, this can be used to package up everything you've installed from the Software Center or apt into a giant deb.

We do this with three simple commands:

* sudo apt-get install dpkg-repack fakeroot
* mkdir ~/dpkg-repack; cd ~/dpkg-repack
* fakeroot -u dpkg-repack `dpkg --get-selections | grep install | cut -f1`


This installs the program along with fakeroot, which is used to allow selecting without conflicts of permissions. Then the second command creates a directory to store the deb in, and then lastly the third command which will take some time to complete will package up the installed applications into the big huge deb. Theres now a directory in the home folder with the deb.

Now, to reinstall this whole set of applications, we move the whole thing over to a usb drive and copy it over to the new computer or new install, and run:

sudo dpkg -i *.deb
This will install everything packaged up, even without an internet connection!

Method #2
The second way of doing this doesn't create a large package, but rather a small list of apps that can be used to direct your computer to what to reinstall. This requires no installation of anything to actually run the command, but does require an internet connection. Now, this creates a list of everything, even standard system stuff, so don't get freaked out if theres stuff you've never seen on it before. Any overlap with standard stuff works itself out, it won't reinstall or duplicate things. The really nice thing about this method is that you can manually add or subtract stuff from the list.

To do this, run this command:

* sudo dpkg --get-selections > installedsoftware

Then, all you have to do is copy that folder over to the home folder of the next computer and/or after the clean install, and then run:

* sudo dpkg --set-selections < installedsoftware

Remember, this second method requires an internet connection.



From: http://www.omgubuntu.co.uk/2010/05/with-all-new-installing-of-ubuntu-and.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+d0od+%28Omg!+Ubuntu!%29&utm_content=Google+Reader

The Quest software quality

Let me just explain, this is the quality of Quest migration software. No sledging as I have only used Migration Manager for NDS, AD and Exchange. There other products may be awesome?.