Gregory MOUSSAT's questions

On a file server, a base folder contain user's folders:

This base folder is protected against user's actions (deletion, rename, dump of files, etc), users can only read and traverse it:

To protect each user's root folder, I explicitly deny them the right to delete their own folder:

This imply to add a deny on each folder.
Doing it on the base folder does not work: deny to the group Users to delete sub-folders, for This foler only --> they still can delete their own folder, because inherited permissions (deny to delete) have less precedence than explicit permissions (allow to modify).

With my method, users can still hide their own root folder. This is not a problem, but it show the folder is not 100% protected against actions.

1. do I use the "canonical" method?
2. how to prevent the users to hide their own folder? Or whatever other annoying things
3. any suggestions?

I have an old NEC Express5800/T120d server.
It was operating under Windows at reasonable fan speed.
I now want to use it at home with Debian, but the fans are always at full speed.

The power supply fan is at full speed. With Windows it was quiet. There is a data cable between the motherboard and the power supply.
The 1 x rear + 3 x front fans are also at full speed. With Windows they were relatively quiet.
Nothing into the BIOS and IPMI console about fan control. Only the current speed is displayed.

I installed lm-sensors and fancontrol without success:

$ sensors-detect
... with YES answer everywhere ...
Driver "coretemp":
  * Chip `Intel digital thermal sensor' (confidence: 9)
Driver "to-be-written":
   * ISA bus, address 0xca2
    Chip `IPMI BMC KCS' (confidence: 8)

So sensors-detect only see unusable devices.

Nothing more with pwmconfig:

$ pwmconfig
/usr/sbin/pwmconfig: There are no pwm-capable sensor modules installed

I installed freeipmi / freeipmi-tools:

$ ipmi-sensors
...
29 | PSU1 Temp        | Temperature                         | 24.00      | C           | 'OK'
...
32 | FAN1             | Fan                                 | 7936.51    | RPM         | 'OK'
33 | FAN2             | Fan                                 | 933.71     | RPM         | 'At or Above (>=) Upper Non-Critical Threshold'
34 | FAN3             | Fan                                 | 933.71     | RPM         | 'At or Above (>=) Upper Non-Critical Threshold'
35 | FAN4             | Fan                                 | N/A        | RPM         | N/A
36 | AIRVOL1          | OEM Reserved                        | 1.31       | unspecified | 'OK'
37 | AIRVOL2          | OEM Reserved                        | 1.31       | unspecified | 'OK'
...

But I don't know how to do more than just looking at the fan speed.
Most IPMI programs included into freeipmi asks for a hostname and user/password but I can not manage to understand what to enter.

I also tried upmiutil and ipmitool packages without better success. They all give me the fan status but I do not understand how to configure them.

I often use the integrated VSS feature on Windows files servers, to allow users to restore themselve some files. This also allow IT team to do the job fast when few files are involved, which is the most frequent problem.

For example I take one VSS per working hour (10 per day), and retain them during 4 weeks (5 working days per week) --> total = 200 VSS for 4 weeks

I'd like to use some "flexible" retention policy:
For example keeping each hourly VSS during 3 working days, then 4 VSS per day for the next 7 working days, then 2 VSS per day during the next 10 working days --> total = 78 VSS for 4 weeks

The space occupied by the VSS in both cases should be similar.
My point is not to save space. It is to extend the number of weeks during VSS are kept. But as NTFS can have a maximum of 512 VSS, then hourly VSS is not sustainable more than 10 weeks. And this is a huge number.

Question: do you think I should write a PowerShell script to manage the VSS retention policy? Or can I use something already done (script or software)?

On a Windows 2012 R2 server used as remote desktop, we installed Microsoft Office 2013 64-bit.

Several weeks later, an accounting software was installed. This required Microsoft Office 32-bit (we tested with 64-bit: failed).

So I uninstalled the 64-bit version, and installed the 32-bit version.

Word and Excel work well.
But Outlook display an annoying error message when launched (but works flawlessly).
The message is not displayed when Outlook is ran as an administrator (being admin is not sufficient, we have to right-click and ask to run as administrator).

• when someone run Outlook, we first have the usual blue rectangle with "Outlook" written in the middle
• then we immediatly have a small window titled "Microsoft Office 64-bit Components 2013" with a progress bar stating "Please wait while Windows configure Microsoft Office 64-bit Components 2013"
• 1 or 2 second later an error pop-up appear indicating "Error 2503: an internal error occured. Contact Microsoft support blahblah"
• we click on "Ok"
• we immediatly have the same pop-up but with error 2502
• we click on "Ok"
• Outlook now run correctly, until the next time we run it

Each time someone run Outlook we have this exact same scenario.
Steps 1 and 2 occur even when ran with administrator privileges.

I uninstalled/reinstalled the 32-bit version.
I did a repair install.

I deleted a vestigal C:\Program Files\Microsoft Office\.
It is recreated if we run Outlook with administrator privileges.
The error is the same with or without this folder. I even tested with full rights for everyone on this folder and its content.

Any idea to solve this problem?

Each night I copy several virtual disks with rsync from one Linux Debian computer to another Linux Debian.
Most files are raw images with "holes" into them: some parts were never written to, so remain unallocated on disk.

rsync hangs on one file, always the same. The hang occurs after 50 Gb transfered, and each time. I'm not sure if this is always at the exact same point, but ls -sh displays 50 Gb.
This is a 800 Gb file containing 151 Gb (so 649 Gb are unallocated). Some other virtual disks have similar figures, and rsync works well on them.

I have the exact same behaviour if I use rsync to update the file locally, without any network involvement (with --no-whole-file, this is a requirement, see later).

Once rsync is stalled, it uses one CPU core to 100% and zero disk activity on the receiving side (this is a pull request, so rsync is ran from this side) and zero CPU and zero disk on the sending side.
I let it ran during several hours.
Ctrl+c immediately stops rsync.
When ran to copy locally, once stalled I also have one CPU core to 100% and zero disk activity.

The only exception I found is when I rsync this file to a new location (ie the destination file does not exist). So I suspect the problem is related to the comparison between old and new data.

I use --inplace to limit writes to the destination disk, because snapshots are then used after each backup. So this option is a requirement, and rsync too, except if I found a tool able to update only changed parts of these files.

I backup several virtual disks (total = around 4 Tb), with several weeks of retention time.

I use 4 x 4 Tb disks in the computer dedicated to primary backup. The filesystem is ZFS RAIDZ2, so 8 Tb usable.
A secondary backup of 4 x 2 Tb disks (4 Tb usable) is on a separate building, storing last sunday's backup.

I manage the retention by doing snapshots: after each backup a snapshot is created on the primary backup filesystem. And the snapshots older than 90 days are deleted. The modified data amount is less than 4 Tb for 90 days, so everything is okay (in fact I have 30 last days + 9 previous weeks + 10 previous months, but this is not the point).

On the secondary backup I have only one backup. I plan to implement retention too.
I first thought to upgrade to 4 x 4 Tb disks (because of lack of space, I can't upgrade to 6 x 2 Tb) and do snapshots as in the primary backup.

Instead of upgrading hardware, what if I use ZFS compression + snapshots on the secondary backup?
Compression will lead to, say, 600 Gb free. Then snapshots will give retention of several days.

The saved virtual disks are updated with rsync, so only small parts are modified. So I think only small parts are "transmitted" to snapshots. But I don't find any source confirming this will work as I think.

Question: using ZFS on Linux with compression, will very big files with scattered modifications be snapshoted efficiently?

Some of our users do some basic management of their Windows computers.
Their accounts are regular users, and they have a local administrator to perform whatever their like: install some crapware, destroy printer settings, allow viruses to take solid ground, etc (I heard some of them act responsibly, but I think this is a local urban legend).
 

Case 1

• a Windows computer in a workgroup
• only one local administrator, named "local_admin"

When a regular user needs to enter an admin credential, the popup is filled with "local_admin" and the user just has to enter the password.

➞ perfect
 

Case 2

• a Windows computer in a workgroup
• one local administrator named "local_admin 1"
• one local administrator named "local_admin 2"

When a regular user needs to enter an admin credential, the popup is empty and the user has to enter the "local_admin x" and the password.

➞ how can we pre-fill with "local_admin 1" ?  

Case 3 (the one wich we have)

• a Windows computer in a domain named "company_domain"
• the computer's name is "local_name"
• only one local administrator, named "local_admin" (but I think this is exactly the same thing if their are several)

When a regular user needs to enter an admin credential, the popup is empty BUT the domain is pre-filled with "company_domain". So the user has to enter the user "local_name\local_admin" and the password, which is not convenient because they have to remember/note it most of the time along with the password on a Post-it.

➞ how to pre-fill the local computer's name in place of the domain name, or pre-fill the complete local admin name "local_name\local_admin" ?

We currently create one Active Directory admin_name for each of those users, then configure their computer to put this admin_name into the local admin group (we could alternatively do it from Active Directory).
This method is prone to errors, then leads to problematic admins privileges leaks.

We use WebDAV to share Outlook calendars.

I set up a WebDAV server with IIS on Windows 2012 R2. It works fine.
This Windows 2012 R2 is on the local network and it belongs to an Active Directory's domain. Every client are also on the local network, and belong to the same domain.
The WebDAV's IIS site only use "Windows authentication", which is the recommended setting.

When a domain user access a WebDAV share for the first time, he has to wait about 5 seconds before he is required to enter credentials. The user then type his domain user/password and the access is granted.
The WebDAV credentials are stored into the Windows's credentials cache (you can see/modify then with rundll32.exe keymgr.dll,KRShowKeyMgr).

If the user then change his domain password, the access to the WebDAV share no longer works, because the credentials used are the old ones stored into the cache.

This behavior is seen when using WebDAV from Outlook and from explorer.
We currently need only to solve the problem for Outlook.

Question: How to make Outlook use the currently logged user credentials, instead of asking to type it? So when the user change his password, everything still work.

Update: On a client computer I explicitly put the WebDAV share into the intranet zone of Internet Explorer. I also explicitly configured Internet Explorer to use the current user's credentials (this is not the default setting). But no improvement.

On fresh installs of Debian Jessie, after I set a static ip address, the DHCP client is still active. It even revert back to the dhcp ip address when the lease is renewed.

step 1: I modify /etc/network/interfaces:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet static
        address   192.168.0.8
        netmask   255.255.255.0
        network   192.168.0.0
        broadcast 192.168.0.255
        gateway   192.168.0.5

step 2: I restart the network systemctl restart networking.service (no error message)

step 3: check if dhclient is running: ps x | grep [d]hclient
--> dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0

If I reboot, dhclient is still launched.
I have this behavior on every Debian Jessie I install with static ip address.

I don't find were dhclient is launched: find and grep didn't found anything into /etc and /usr/lib
I'm not accustomed with systemd, and I don't understand dhclient is launched by systemd or not.

The running processes are (I removed my Bash session):

/sbin/init
/lib/systemd/systemd-udevd
/lib/systemd/systemd-journald
/usr/sbin/cron -f
/usr/sbin/atd -f
/lib/systemd/systemd-logind
/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
/usr/sbin/rsyslogd -n
/usr/sbin/acpid
/bin/login --
/usr/sbin/exim4 -bd -q30m
dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
/usr/sbin/sshd -D
/usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 108:113

Question 1: how dhclient is launched ?
Question 2: what is the "official" way to prevent it to run ? (except with apt-get remove/purge)

All of our Windows 8.1 computers suddenly refuse Remote Desktop connections.

The problem is when we connect TO Windows 8.1
We don't have the problem when connecting to other Windows versions.

edit: problem solved with the Microsoft update KB2962806. Thanks to Bertrand SCHITS for his answer.

What we found until now:

• we can always connect as a local user. The problem is only for domain users (admin and regular)
• we can connect with old mstsc.exe versions. For example we can connect from Windows 2003 and 2003 R2 computers. We can't connect from Windows 7, Windows 8.1, and Windows 2012 R2.
  If we copy the old mstsc.exe (version 5.2.xxxx) from Windows 2003 to a newer computer, we can connect
• if we connect from an old mstsc.exe version (as stated above), then during several minutes we can connect from whatever version we want. We must use the old version again after a random amount of time (from 30 seconds up to several hours)
• with the recent mstsc.exe versions we sometime can't connect some users, but this works with other users. This behaviour disappear as soon as we use an old version, and can reappear 2 days later
• (thanks to Warren's answer) if we manually add enablecredsspsupport:i:0 into the .rdp file, the credentials are not asked before connection (so the behaviour is the same as with old clients), and we can connect with whatever client version. But we can not auto-connect, and the login process involve each time to choose to logon as another user (even if it is the same user)
• (thanks to Pathum Anjana) we applied the optional update KB2830477 on both sides of the connections

What we tested:

• we tested from local network to local, and from distant to local. No difference
• we disabled the firewall
• we tested disabling every security features with gpedit.msc Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security
• we enabled auditing for logon events, and nothing into the logs. Nothing obvious into other logs (how to enable RDP protocol logs?)
• we tested on one computer located on another network (the domains are not related), which has only 7-zip installed. No printer drivers, no Group Policies, nothing else. It is only a fresh Windows 8.1 up to date. We have exactly the same problem
• we asked Google, and he said "I really don't know". He now direct us to this page, which is a very good answer but not really helpfull
• we removed every updates until february 25 (several days before the problem occured). No improvement, so the problem could be an existing setting set up to a different value by a recent update (and not reverted back when the update is removed, which is probably the usual behaviour)

When we can't connect, the error message is exactly the same as the one we get with a wrong password (but no entry into the security log):

• every computer has valid licences
• we use MSE as anti-virus
• some Windows 8.1 are preinstalled by the manufacturer (Lenovo), while others are installed by us. The only common factor I see is the fact we manage all of them

Any idea about what we can do to troubleshout this ?

I need to take several actions for some log messages. For example I want to log them to different files according to severity.

Everything is ok if I use this:

if $programname == 'myprog'                                       then -/var/log/myprog.log
if $programname == 'myprog' and $syslogseverity-text >= 'warning' then -/var/log/myprog-alert.log
if $programname == 'myprog' ~

This log every messages emitted by 'myprog' to /var/log/myprog.log
This log only warning and error message emitted by 'myprog' to -/var/log/myprog-alert.log
And the processing is then stopped (thanks to '~')

.

I's like to have something sexier:

if $programname == 'myprog' then {
    *.*         -/var/log/myprog.log
    *.warning   -/var/log/myprog-alert.log
    ~
}

But this later construction, albeit accepted by rsyslog, do not filter against programname.
For example every messages are written to /var/log/myprog.log even when originating from whatever process.

.

Anyone can explain where is my mistake or misunderstanding ?

.

Final method, from answers below:

use a "modern" rsyslogd. Version > 7.x.y
use this syntax:

if $programname == 'myprog' then {
    *.warning   -/var/log/myprog-alert.log
    *.*         -/var/log/myprog.log
    *.*         stop
}

or this one:

if $programname == 'myprog' then {
    *.warning   -/var/log/myprog-alert.log
                -/var/log/myprog.log
                stop
}

I need some Windows 2012 servers to be shutdown properly with the power button.

• If nobody is logged, the power button correctly shuts down the server
• If somebody is logged without a blocking program, it's okay too

But:

• if a session is locked, the power button does nothing
• if somebody is logged with a blocking program (notepad with an unsaved document for example), the button does nothing too

With previous Windows versions I was used to configure the power button behaviour with the GUI and modify a registry key (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\shutdownwithoutlogon) but this seems not any more relevant.

Does anyone knows the "offical" way, or a trick ?

Edit:
The system log display an event each time I press the power button. The kernel power manager has initiated a shutdown transition with event ID 109.
When the session is locked, this event is followed by nothing. And no other events in other logs.
When a program refuse to close, I have the corresponding log entry, so this will be okay soon.

We have a domain served by some Windows 2003 servers.
We have several Windows 7 Pro clients.

ONE client computer can't acces ONE member Windows 2003 server.
The other computers can acces every servers. And the same computer can access other servers.

With explorer, the message says the account is no activated.
With the command line, the message says the account is locked.
With commande line :

net use X: \\server\share
--> several seconds delay, then error (says the account is locked)

net use X: \\server\share /USER:current_username
--> okay

net use X: \\server\share /USER:domain_name\current_username
--> okay

From the same computer, the user can access other servers. From another computer, the same user can access any server, including the one denied from the original computer.

Aleady done :
unjoin then join the cilent from the domain.
check the logs on the server : nothing about the failed attempts (?!)

Is their any user mapping I'm not aware of ?

Since years I use slipstreamed Windows installations. This works very well, but preparing them is tedious :
1 - install a Windows with the last slipstreamed version we have (automated install)
2 - check Windowsupdate to see what's new, and take note
3 - download each new update available
4 - go to step 2 until no new update is available 5 - slipstream them into the last version we have (I already automated this step)

I'd like a way to automate parts or all of this.

Maybe a program able to know which updates are installed (already saw one, I don't remember which, and I know PowerShell can do this)... and able to download them ? Or to get them from local disk ? So the steps become :
1 - install a Windows with the last slipstreamed version we have (automated install)
2 - use Windowsupdate until no new update is available (any way to automate ?)
3 - use the magic program
4 - slipstream

edit : my need is for Windows 7 and 2008, but the goal is to be general because other people may have other needs.

On a Windows server which is in a domain, I have a script I run from scheduled tasks.

I want this script to be run under a mydomain\peter user account. It is simple to do it with scheduled tasks, if you know Peter's password. And once done, the script stops when Peter decides to (or has to) change his password.

On Linux, a cron job can be run with whatever user account without having to know the corresponding password. And root can run anything on behalf on another user (with su and sudo).

Any way to do this with Windows?

My need is for a old Windows 2003 server, but I can manage to run it from another computer.

We have a Windows 2003 with SCSI disks on a RAID card.
The SCSI card is now unusable. As the server is old, we don't want to buy an identical SCSI card, we prefer to change the server. But we first need to boot this Windows 2003 in order to do some work on it.

We have a complete backup image. We can restore it on whatever disk. But when we boot, Windows displays a message saying it can't boot because the disk interface is not the same.

If the Windows 2003 was still in function, we just have to plug a PATA disk, reboot Windows, agree with the new driver installation, and then this Windows could boot on a PATA drive.
But this wasn't done.

How can I make this Windows 2003 boot on a different drive hardware than the only one it knows ?
He knows a specific SCSI card.
We want to boot on whatever other hardware. Probably PATA is a good choice because the drivers are included on the Windows CD.

EDIT :
The server is since reinstalled from scratch.
The message was missleading. The problem was only about partition numbering. Once the initial and hidden partition was recreated, the boot could start.
But the boot process stopped while the screen was yet black.
No way to use the recovery console (admin password refused, even after erasing it with a live-cd), and no way to have /bootlog create the log file. So impossible to see which driver was the problem.

We often have to tweak, test, or repair some software when the users are not there.
For example, today one of us set up a new mail account on a user's computer, but the user is on holiday. This then requires that we impersonate the user.

Working on a computer when users are not here is very nice for us and them. But this often requires that we ask them their Windows account password, or we change it before we use it, and the user then have to change it back when he comes back but this require him to understand what has happened.

Is there a (fast) way to save then restore Active Directory passwords?
1 - we save the password
2 - we change the password to TECHPASS123
3 - we work on the computer, and we test if everything is okay with the user's account
4 - we restore the original password

We use Exim on our servers to send emails only from local automated users, as root, cron, etc.

We have to specify every possible users into /etc/email-addresses. For example:

root: [email protected]  
cron: [email protected]  
backup: [email protected]` 

This allow us to receive every email generated.

The problem is when we add a user for whatever reason (for example when we add a package, some add a user), we can forget to add this user to /etc/email-addresses. Most of the time it's not a problem, but this is not clean. And the overall method is not clean.
We'd like to configure Exim to send every emails with the same source address. i.e. every sent email comes from [email protected]

One way could be to use a wildcard or a regular expression into /etc/email-addresses but this is not supported.
I don't currently understand Exim enought to figure out how to modify this in a way or another.
Ideally, Exim should look into /etc/email-addresses first, and if no match it use the predefined address. But this is very secondary.

There are two places where this address is used:
1. when Exim send the FROM: command to the smtp server
2. inside the header

edit:
The rewrite section is the original one from Debian

begin rewrite  
.ifndef NO_EAA_REWRITE_REWRITE  
*@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses} \  
{$value}fail}" Ffrs  
*@ETC_MAILNAME "${lookup{${local_part}}lsearch{/etc/email-addresses} \
{$value}fail}" Ffrs  
.endif

I just installed a brand old IBM server with a ServeRAID 4Lx card.
I installed the driver, and the ServeRAID manager software v9.30.
Everyting works as expected.

My problem is:
Yesterday, when not-so-randomly clicking here and there, I saw an email option in the ServeRAID manager software. It allow to configure a SMTP server, and emails addresses to send alerts.
Today I want to configure the email alert... and I don't find this damn parameter.
The documentation explain HOW to setup the SMTP, the addresses, etc, but not WHERE to find the parameters (the doc say this is in the "Actions" menu, but this isn't).

Anyone know where to find the email parameters into the ServeRAID manager software ?
I suspect I have to select a specific object in the window before the right option appear in the Actions menu.

EDIT: just to be clear: I already selected every object I found, and each time I checked into the "Actions" menu, and never found again the SMTP settings.
The documentation just mention I have to open the "Actions" menu and select "SMTP settings", but there is not such settings.
So I search a step by step method, or a clear way to find these settings. I know they exist because I saw them the day before I was ready to configure them.

For years, I have used vshadow + robocopy to backup data partitions to a remote iSCSI volume. This has been a very efficient method.

This has allowed me to have a "perfect" copy. Open files are copied without any problem, as well as ACLs and everything. In case of a major disk fault, I just have to plug the remote disk in as a replacement for the faulty one. This is much faster than recovering from a backup. I only have the last backup on remote disk. Other backups are done with Backp Exec in a more traditional way, with rotation, etc.

My problem is: I have never managed to do a working backup of a live Windows system partition.
I tested with Windows 2003.

I tested tons of possibilities. Once restored, all of them made it to the prompt to press Ctrl+Alt+Delete to log in. When I enter the username and password, nothing happens. The desktop never appears; there is no error message, just a screen with a uniform color. The machine is up, the services are up (even TSE is okay, but I can't login), the machine responds to pings, etc. But, there is no way to log in.

Example of what I did:

1. I use identical disks
2. I duplicate the source disk with dd, to the destination disk (this allow to have the bootloader, the same partition, etc, just to be 100% sure)
3. I start the source computer
4. I attach the remote destination disk with iSCSI (also done with a local disk: nothing better). Mapped to drive H:

5. I take a snapshot of the source disk, and map it to a drive letter:

    vshadow.exe -p c:\
    vshadow -el={edbed95e-7e8d-11d8-9d01-505054503030},g:
   

6. I copy the files:

    robocopy g:\ h:\ /mir /is /it /copyall /r:0 /x /v /fp /np /log:c:\robocopy.log /xd "g:\System Volume Information" g:\windows\Prefetch /xf g:\pagefile.sys g:\hyberfile.sys
   

7. I look at the generated log: no error, no warning

8. I stop Windows
9. I plug the destination disk in place of the previous local disk
10. I boot, but I can't login

I also tested without copying the registry. There was no improvement.

Is there a way to solve this problem ?