Charles Gardner’s Effective IT Blog

This is just because I’ve had to deal with this multiple times, and I don’t want to forget.

OS X system integrated with Active Directory.  The local admin account has no problems with Photoshop Elements 6.  Non-admin users, like the AD accounts, find all the effects and filters are missing in Photoshop Elements 6.

The fix?  Go to /Library/Application Support/Adobe/Photoshop Elements/6.0/Locale and change the permissions on the en_US folder to grant Read & Write permissions to everyone.  Be sure to “Apply to enclosed items….”

Open Photoshop, and the effects should appear.

Applications, Operating Systems

I recently found a little gem that needs listing in the Is Your Friend series.  I really appreciate single discrete tools that do a job and do it well.  OldCmp from joeware.net is a great example.  OldCmp is a command line tool to cleanup old accounts from Active Directory.  Within that function the tool has quite a strong set of features to slice and dice through the discovery and disposal of old accounts.

Here is a basic run of the tool to find and list computer accounts that haven’t been accessed in a year:

oldcmp.exe -report -age 365 -llts -sh

When working with a client I am very cautious to delete, so I would disable those accounts and move them to an Archive OU in AD:

oldcmp.exe -disable -age 365 -llts -newparent “ou=Archive,dc=xxxxxxxx,dc=local” -excldn “Archive” -safety 10

If everything looks OK with that, add the -forreal flag to actually do the work and adjust the -safety flag to a reasonable value:

oldcmp.exe -disable -age 365 -llts -newparent “OU=Archive,DC=xxxxxxxx,DC=local” -excldn “Archive” -safety 20 -forreal

If after a couple months no one has squawked about problems, it is probably safe to delete those accounts.

Once the initial disable and move to Archive is done, you can run this to find accounts that may need attention:

oldcmp.exe -report -age 180 -llts -excldn “Archive”

Is Your Friend, Windows

Microsoft’s Hyper-V Server 2008 R2 can be a great hypervisor choice for a small business with just one or two servers.  In this environment though the common power protection scheme is going to be a single, direct-connected UPS with a USB signaling cable.  In this scenario we need to be able to safely shutdown the hypervisor and guests before power gives out.

I claim no original thoughts here, but I did want to preserve a link to a good answer I found and have implemented.  The original thread is here on the Technet Forums.

First create ups-shutdown.vbs and load it with:

set wmi = GetObject(“winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\.\root\cimv2″)
set batteryColl = wmi.ExecQuery(“select * from Win32_Battery”)
set osColl = wmi.ExecQuery(“select * from Win32_OperatingSystem”)

while true
for each battery in batteryColl
battery.Refresh_
if battery.batteryStatus = 1 and battery.EstimatedChargeRemaining <= 40 then
for each os in osColl
os.Win32Shutdown 1
next
end if
next
wscript.Sleep 15000
wend

Schedule this to run at startup using the Task Scheduler.  (Connect from another machine and set this up.)

Next create ups-monitor.ps1 and insert:

# Initialize Variables
# Shutdown threshold at 50% of remaining UPS capacity
$threshhold = 40
$interval = 60
$OnBattery = 0
$Event = 0

$hostname = hostname

# Create SMTP client
$Server = “mail.xxxxxxxxxxxx.com”
$Port = 25
$Client = New-Object System.Net.Mail.SmtpClient $Server, $Port

$Client.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

$To      = “admin@xxxxxxxxxxxx.com”
$From    = “hyperv@yyyyyyyyyyyy.com”

# Loop on Battery Query
while (1)
{
$bat = get-wmiobject -class CIM_Battery -namespace “root\CIMV2″
$batstatus = $bat.batterystatus
$batcapacity = $bat.estimatedchargeremaining
$timetoshutdown = $bat.estimatedruntime/2

if ($batstatus -eq 1)
{
$Event = 1
$OnBattery = 1
# “On Battery”

$Subject = “Utility Power Failure: {0} is running On UPS Battery” -f $hostname
$Body   = “UPS at {0} % remaining capacity, approximately {1} minutes before {2} shutdown.” -f $batcapacity, $timetoshutdown, $hostname

if ($batcapacity -lt ($threshhold +5) )
{
$Body = “Shutdown imminent at {0} %, with ” -f $threshhold + $Body
}

}

elseif (($batstatus -eq 2) -and ($OnBattery -eq 1))
{
$Event = 1
$OnBattery = 0
# “Power Restored”

$Subject = “Utility Power Restored to {0}.” -f $hostname
$Body   = “Battery at {0} % capacity. UPS charging… ” -f $batcapacity
}

if ($Event -eq 1) # Create mail message
{
$Event = 0
$Message = New-Object System.Net.Mail.MailMessage $From, $To, $Subject, $Body
$Message.Priority = [System.Net.Mail.MailPriority]::High
try {
$Client.Send($Message)
# “Message sent successfully”
}
catch {
“Exception caught in UPS_Monitor.ps1″
}
}

sleep $interval
}

Change the mail server, to and from address, and you’re in business.

Create ups-monitor.cmd with the following:

powershell -command c:\path\to\your\script\ups-monitor.ps1

Again using Task Scheduler, schedule ups-monitor.cmd to run at startup, and you’re set.

Make sure you have your VMs set to save at shutdown and autostart, and then go pull the plug on that UPS just to make sure things work to your liking.

Also from the above referenced thread, you can check the battery condition using powershell with this:

PS$ get-wmiobject -class CIM_Battery -namespace “root\CIMV2″

Have fun.

Hyper-V, Virtualization, Windows Server 2008

I was just setting up a Hyper-V Server 2008 R2 box and wanted to get backup running to an external drive.  I installed the Windows Server Backup role via the Core Configurator tool, but then the backups need to be configured and run via the wbadmin command line tool.

This command line reference for wbadmin was helpful so I wanted to mark it in case I need it again in the near future.

Hyper-V, Virtualization, Windows

Virtualization Benefits for Small Business

Coalescing a few links I’ve been keeping up with for further reading:

• Planning for a VMWare vSphere 4 Deployment
• Virtualization Benefits for Small Business
• Vimsh – /usr/bin/vmware-vimsh
• Drobo Performance Testing
• A Virtual Door Opens for SMBs

Other, Virtualization

Photo credit pedrosimoes7

I’m bookmarking a couple more videos to watch.

First, Defcon released their teaser set of videos from this year’s con, including Adam Savage’s “Failure”.

https://www.defcon.org/

Second, I saw a link to Marcus Ranum talking at TEDx MidAtlantic.

http://tedxmidatlantic.com/live/#MarcusRanum

Education, Events, Security

I had the opportunity to watch the first few minutes of the stream of Marcus Ranum’s talk at DojoCon 2009 but then had to go to a client site.  I was happy to see they posted the videos to UStream so I can go back and watch the rest.

Among those who spoke:

• Richard Bejtlich
• Marcus Ranum
• Chris Hoff
• …and a whole lot more

In case you want to catch up too:

http://www.ustream.tv/channel/dojocon-2009

Education, Events, Security

This post is mostly a note to myself.  I haven’t tried this yet, but the Disk2vhd tool from Sysinternals is for P2V for Microsoft virtualization such as Hyper-V.

When I get to try this out, I’ll post some notes about using it and how it stacks up against something like VMWare Converter.

Hyper-V, Virtualization

Just a quick note.  I will be moving my focus to putting posts up on my company web site at www.sterlingideas.com.  Any really technical items will still end up here, but I am going to make a new effort to post regular content over on the company site, particularly items of interest to my clients.

Be sure to add http://www.sterlingideas.com/feed/rss/ to your feed reader.

Other

Quick note:

When you do domain masquerading with sendmail, root is exempted from that by default.  No big deal unless the host name of your system is not actually registered in DNS.  I have a couple VMs that don’t need outside access or DNS registrations, but I’d like to receive their cron output cleanly.

This is a rather easy fix.  In most sendmail .mc files you will find the DOMAIN(generic) statement.  This refers to loading the generic.m4 file which includes a default statement to expose root without masquerading — EXPOSED_USER(`root’).  Copy the generic.m4 to mycustom.m4 and remove the EXPOSED_USER line.  Go to your .mc file and change the DOMAIN(generic) to DOMAIN(mycustom) and rebuild your sendmail.cf file.

Applications