OS X:IP\System information on 10.7 Login Window

OS X, System Administrator No Responses »
May 232012

under 10.6 and previous versions of OS X you could click on the text on the login window and cycle through information about the computer (Serial number, Name, IP, Network accounts, …).  This was done away with under 10.7.  You regain the ability to retrieve this information from the login window with the below line of BASH:

defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName

This will need to be run with root permissions, so either use su or sudo to run this in terminal on the machine (i.e. sudo defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName) or you can send it to a few computers through apple remote Desktop using the unix button.  Make sure you choose to have it run as root on the remote computer.

Once you run this on a machine, you can now click on the clock in the upper right hand corner and it will cycle through the computer name, OS Version, and IP Address next to the clock with each click.

I like to give credit that i found this tip on afp548.com[here], it’s not my own creation.  But wanted to repost it so that others would hopefully find it helpful.

Posted by randerson at 5:00 pm Tagged with: , , , , ,

Moving DHCP from Server 2003 to Server 2008

System Administrator, Windows No Responses »
Apr 052012

I’m in the process of upgrading all of our Servers to 2008 and one of the servers that I’ve had to migrate recently is our DHCP Server.

In doing research before I moved DHCP i came across an article or a post stating that backing up a server 2003 DHCP server and then restoring it on a 2008 DHCP will appear to work, but will eventually give you problems and\or corrupt.

Not wanting to have to recreate all of our scopes and any reservations that we had set, i did find a way to move the data using the netsh command that doesn’t appear to suffer from the same problems as a backup\restore does.  (I don’t know why, just that my research showed this was the only method to migrate data between the two without risking problems down the road)

On the Source 2003 DHCP Server, open a command prompt and enter the following commands:

netsh
dhcp server
export <Filename.dat> <ScopeAddress>

This will create a file named FileName.dat in whatever directory you are in when you type the nets command.  I named my files the same as the ScopeAddress so as to avoid confusion.

Next you need to get that file onto the 2008 DHCP Server.  You will also need to launch the command prompt as administrator.  The easiest way I’ve found to do that is to find command prompt in the start menu (either the recently used programs or under all programs-&amp;amp;gt;accessories and right click and choose run as Administrator.

Now enter the following after you have changed to the directory containing the .dat file you exported previously (NOTE: since the command prompt is running as Administrator, i found that you do not have access to your network shares anymore, copy the .dat file somewhere local on the server):

netsh
dhcp server
import <filename.dat>

you should receive a message that the import was successful.

Refresh your DHCP console on the server 2008 and verify that the scope was created along with all options as well as any existing DHCP Leases.

Now you will need to deactivate the old scope on the 2003 DHCP Server and reconfigure any routers with the new IP Helper-Address so that DHCP requests are sent to the correct DHCP Server.

Posted by randerson at 5:07 pm Tagged with: , , , , ,

HP SmartArray E200 and The Cache Module

Uncategorized 8 Responses »
Sep 052011

I don’t often do much in the way of hardware, but recently I had some problems with a couple of our Proliant DL180 G5 servers and the controller for the RAID array.

We took a power outage to our building and the generator that was supposed to come on never did. the UPS was speced to handle the period of time between a power outage and the generator coming on, so after a few minutes all of the servers powered down. Not necessarily what i wanted to come into on Monday morning, but it did highlight a couple of needs that i had expressed over the past couple of years.

When i powered everything back up, I only had 2 servers that came up with any large problems. Both seemed to be issues with the Smart Array controller as the server would get to that point in the POST and would sit at SmartArray E200 initializing for a few minutes and then fail to boot. I contacted support and they had me do a few things:

1. Boot from the Easy Setup CD and go to Maintenance and run Array diagnostics – Array diagnostics couldn’t find that any array controllers were installed.

2. update the flash rom for the server – There is a download for the server that then creates a bootable USB stick that you can use to update a server that won’t boot into the OS.

3. Reseat the Cache module on the controller card – there’s a chip on the Smart Array controller card that on first glance looks like a chubby piece of memory.

4. upgrade Storage Firmware using Maintenance CD – there is another download on the HP site to take their maintenance CD and create a bootable USB Drive.  then you can update\replace some of the drivers on the CD.  once you boot off the USB stick, it can automatically detect any updates and apply them. it also failed to see that there was a Storage controller installed.

5. boot with Cache removed from SA E200 – they then had me remove the Cache module and boot the server with the slot on the controller empty.

6. Move Smart Array card to another slot, Clear CMOS, upgrade Firmware with Smart Update Manager – i considered this their hail mary before they replaced the controller. they had me move the controller card to another slot on the server, clear the CMOS (this is done by holding down a button on the motherboard labeled CMOS, when you power back up the system date and time will need to be reset) and then try to update using the USB key from step 4.

so after all this we were still at the same place as we started.  so they sent out a new Smart Array E200 controller card.

I replace the controller card and was still having the exact same problem.

I got back on the phone with support after quickly running through the above 6 things.  I was trying to save myself having to run back and forth to the server when support asked me to try them again. since i had already exhausted all the prompts on their screen (i guess) they considered this an odd single case issue (funny that i had two servers doing the same thing), and had to get special instructions which amounted to replace the Cache module.

the new cache module came the next day and once installed the server booted normally.

oddly, for the second server the next support person that i got insisted it was the motherboard since booting with the cache module removed did not make any difference and setup for a tech to be dispatched with a motherboard.

I spoke with the tech and he confirmed my suspicion that the motherboard was most likely not faulty and that it was more likely the cache module.  He explained that it used to be that removing the cache module would allow the server to boot, but he has recently found that if the server shipped with the cache module installed, the servers seem to expect it to be there and if it’s not (or it’s faulty) the controller can’t initialize.

So he came out the next day with a new cache module, installed it and the server worked fine.

Posted by randerson at 7:44 pm Tagged with: , , , ,

Python: Dealing with Time

scripting No Responses »
Aug 032011

Python has alot of functions for working with times. this might be necessary if you’re working with Log files or in my case, payroll files.

the first thing i needed to do was get the time out of a text file with Fixed Length. I then had to convert that string to a datetime object so that i could use the various time functions available in Python. 

	#get characters located between position 8 and 13.
	In = employee[8:13].strip()

	#define a timeformat for use in various places throughout the program
	TmFmt='%H:%M'
	#take the previously obtained string and convert to datetime object.
	TimeIn = datetime.datetime(*time.strptime(In,TmFmt)[:6])

Let’s look at that last line a little closer

	TimeIn = datetime.datetime(*time.strptime(In,TmFmt)[:6])

first we take the string In and apply a function called strptime along with the format we have defined in the variable TmFmt. strptime can take a date and time in a string and breaks it into tupples, the outer function then converts this to a datetime object and puts it into TimeIn. my example only contains time, but it could also contain the date (%m=month, %d=day, %y=year).

We can now use Python’s time and datetime functions on TimeIn.

say you had a given time and you wanted to add 8 hours to it, you use a function call timedelta.
Assuming that TimeIn is the datetime object that we created in the previous step, we could do the following. 

	TimeOut = TimeIn + timedelta(hours=8)

that then adds 8 hours to TimeIn and stores it in TimeOut.

if you had two times, you might want to find the difference between them.

	Shift = TimeOut - TimeIn

yep, that simple. except that Shift is a TimeDelta object. you can print it by just typing print Shift, but if you want to do any comparison on it, you have to compare it to another timedelta object. the below example shows testing if the shift time is greater than 5 hours. 

	If Shift > time.timedelta(hours=5):
		print "Full Shift"

here’s a small example making use of some of the things mentioned in one script.

assuming a file name 20110729-time.txt containing:

22134508:0016:0020110729
22142508:0016:1520110729
22131608:0016:0020110729
22111809:0017:0020110729

here’s a script to read through that file and tell you what hours each person worked and how many hours they worked, minus their unpaid meal time. and in the case of >8 hours in a day, adds the additional time again for Overtime. 

import datetime,time
from datetime import timedelta

#format for reading time from strings and priting them
TmFmt='%H:%M'

#open import file and create file for export
InputFile = open('20110729-time.txt', 'r')

#read through each line of the import
File = InputFile.readlines()

#For Each Employee in teh above file, process their record
for employee in File:
	ID = employee[0:6]
	TimeIn = datetime.datetime(*time.strptime(employee[6:11],TmFmt)[:6])
	TimeOut = datetime.datetime(*time.strptime(employee[11:16],TmFmt)[:6])
	DateIn = employee[16:24]

	#Get total number of hours for shift
	TotHours = TimeOut-TimeIn

	#Subtract unpaid meal time
	TotHours = TotHours + datetime.timedelta(minutes=-30)

	#See if shift longer than 8 hours, and if so, add the additional time again
	if TotHours > datetime.timedelta(hours=8):
		OTHours = TotHours - datetime.timedelta(hours=8)
		TotHours = TotHours + OTHours

	#Print out a block of information detailing their hours
	print "Employee: " + ID
	print "Date: " + DateIn
	print "Time In: "+TimeIn.strftime(TmFmt)+"\t Time Out: " + TimeOut.strftime(TmFmt)
	print "Total Hours: " + str(TotHours)
	print "\n"

InputFile.close()
Posted by randerson at 9:00 am Tagged with: , , , ,

Clearing Browser Caches from the command line - Windows and OS X

scripting No Responses »
May 022011

We had a problem with one of our systems and support made a registry change on the server. The problem was that then all of the client machines had to have their browser caches cleared as well as the java cache. This is all well and good, except we have ~2000 computers that this would need to be done on. so I found these couple of commands that seem to do the trick on windows and OS X respectively.

for Windows, i created a .bat file and made it a logon script for the OU containing the users that would access the affected system. The script contained two lines: 

#Clear Java Cache
javaws -Xclearcache -Xnosplash

#Clear IE Cache
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8

For OS X, we had the following three lines that we sent to the computers through Apple Remote Desktop once the users were logged in:

#Clear Java Cache
javaws -Xclearcache -Xnosplash

#Clear Safari Cache
killall Safari
open -a Safari

I couldn’t find anything for Firefox, so if anyone has commands that clear the cache from Firefox, please share.

Posted by randerson at 5:00 pm

Windows: Access Logon Scripts from GPMC

Uncategorized No Responses »
Mar 302011

I’ve been having a problem accessing my logon scripts through the Group Policy Management console. I would open the policy that the the script was associated with, drill down to the logon scripts and click show files. I’d get a window with all of the logon script associated with that Policy, but when i would right click the .vbs file, it would tell me I don’t have access. logons would process the script correctly, so it wasn’t that the policy was corrupt.

it turns out that it appears it is a result of Internet Explorer’s enhanced security in Server 2003. Knowledge base article 815141 (http://support.microsoft.com/kb/815141)covers the enhanced security, but what we’re particularly interested in is about a third of the way down where it talks about security zones:

Access to scripts, executable files, and other files on Universal Naming Convention (UNC) shared folders is restricted unless the shared folder is added to the Local intranet zone explicitly.

so I went into Internet Explorer, Tools -> Internet Settings, Security tab. clicked on Local Network, and then sites. I added \\mydomain.int to the list and now i can edit the logon scripts through GPMC.

Posted by randerson at 9:50 pm

Scripting: Changing Windows Local Admin Password

Uncategorized 1 Response »
Nov 242010

One of the lovely students here was found to have our local admin password, something that inevitably seems to happen every other year. How he got it is a discussion for another post which will include what measures we put in place to try and keep it from happening again.

The more immediate concern is how do we change the local password on 1000+ computers without having to visit each one? I’ve written a vbscript that takes a comma-delimited file with the first column being the IP and the second being the Computer name and outputs two lists, one that were changed & one that were not. I got the input file from our DHCP Server by exporting the Scope for the building where the password was compromised. I then got rid of the other columns that I didn’t care about. I also broke the file down into smaller chunks just to make it more manageable and so that I could send information to the building tech on the computers that failed in smaller batches.

The script I wrote takes this file as input (c:\script\workstations.txt) and spits back out two files (c:\script\Done.txt & c:\script\NotDone.txt) Done contains the computers that the script was able to contact and changed the local admin password on and NotDone has the ones we were unable to contact and therefore were not changed.

I don’t want to claim this all as my own, so I did borrow the IsAlive function from another post I found. If I can find it again, I will link to that post. 

Option Explicit

Dim fso, user, ts, temp, src, WshShell, PINGFlag, ComputerArr
Dim dstGood, dstBad, tsGood, tsBad
Set fSO = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")
src = "c:\script\workstations.txt"
dstGood = "c:\script\Done.txt"
dstBad = "c:\script\NotDone.txt"

If Not fso.FileExists(src) Then
WScript.Echo "File: " & src & " cannot be found."
WScript.Quit
End If

Set ts = fso.OpenTextFile(src,1)
Set tsGood = fso.OpenTextFile(dstGood,2)
Set tsBad = fso.OpenTextFile(dstBad,2)
Do Until ts.AtEndOfStream
	temp = ts.ReadLine
	ComputerArr = split(temp, ",")
	if isalive(ComputerArr(0)) then
		wscript.echo "Ping Success: " & ComputerArr(1)
		Set user = GetObject("WinNT://" & ComputerArr(0) & "/Administrator,user")
		user.setpassword "YourNewPassword"
		user.setinfo
		tsGood.writeline ComputerArr(1)
	else
		wscript.echo "Ping Failed: " & ComputerArr(1)
		tsBad.writeline ComputerArr(1)
	End IF
Loop

Function IsAlive(strHost)
    Const OpenAsASCII = 0
     Const FailIfNotExist = 0
     Const ForReading =  1
     Dim objShell, objFSO, sTempFile, fFile
    Set objShell = CreateObject("WScript.Shell")
     Set objFSO = CreateObject("Scripting.FileSystemObject")
    sTempFile = objFSO.GetSpecialFolder(2).ShortPath & "\" & objFSO.GetTempName
    objShell.Run "%comspec% /c ping.exe -n 2 -w 500 " & strHost & ">" & sTempFile, 0 , True
    Set fFile = objFSO.OpenTextFile(sTempFile, ForReading, FailIfNotExist, OpenAsASCII)
    Select Case InStr(fFile.ReadAll, "TTL=")
         Case 0
            IsAlive = False
         Case Else
            IsAlive = True
    End Select
    fFile.Close
     objFSO.DeleteFile(sTempFile)
    Set objFSO = Nothing
    Set objShell = Nothing
End Function
Posted by randerson at 9:47 am

Microsoft IAS and Procurve Radius Authentication

Networking, Procurve, System Administrator, Windows No Responses »
Nov 232010

On my to-do list for a year or so has been setting up Radius authentication on all of our switches. I don’t want to have to give everyone the local password on the switches, but still be able to grant access to people that [think they] have to have access to the switches.

By doing Radius Authentication I can create rules on the Radius Server as to who can access the switches and what level of access they receive. We already use Microsoft Active Directory, so Microsoft’s IAS was the easy choice for a Radius Server. I’m working on finding a way to script the creation of the client Objects, but for now I created a small number of clients for a small number of switches for testing.

In the IAS console, choose Radius Client. Either Action -> New Radius Client, or right click in the right half of the screen and choose New Radius Client.

Friendly name: DataCenter-1
Enter the IP or the DNS Name of the switch.
Shared Secret: the “password” that the switch and the radius server use to talk. Should be different from other passwords used on your network as it is passed unencrypted.

Next you need to create a Remote Access Policy. Right click in the right half of the screen and choose new Remote Access Policy.

Name: DataCenterSwitchAccess
Access Method: VPN
Choose Group and then click Add. Type the name of the Group in Active Directory that you want to grant access to the switches to. I created a group that I’m going to use just for granting access to the switches with.
Click Next a couple of times and then Finish.

Now we have to make one change and that is the authentication method. Right click on the remote access policy you just created and choose Properties. Click Edit Profile and then choose the Authentication Tab. Unselect anything that is selected on the screen and then check unencrypted Authentication (PAP, SPAP). Click ok twice.

Lastly, we need to set up a Connection Request Policy. I setup a connection request Policy for each User that I wanted to access the switch. One of the reasons that I did this was to be able to include the service type to give certain people manager rights on the switches and everyone else operator rights.

Right Click on the right side of the Connection Policy Screen and Choose new Connection Policy.

I chose to do a Custom Policy

Profile Name: SysAdmin
I added User-Name and entered my username.
On the next screen Choose Edit Profile and Choose the Advanced Tab
Click add and find Service-Type. The default is Administrative, leave this if you want the user to have manager access to the switch. Set it to NAS Prompt if you want the user to be an operator. This user will get be asked to authenticate if they try to enter manager mode, and will get Access Denied If they enter their credentials since they don’t have manager access.

You will need to create a Connection Policy for each user that you want to access the switches.

You will notice that I have not entered an IP address for either of the two Policies that we created. The reason I’ve done this is that I don’t want to have to create a policy for each of the switches, or each of the switch\user combos in the connection policies.

On the switch you will need to enter four commands: 

Radius-server host <ipaddress> key <PassPhrase>
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
aaa authentication login privilege-mode

the first sets up what Radius Server you want the switch to use and what the Passphrase it should use is. The next two allow you to login to the switch over SSH using radius credentials as allowed by the radius server. The last command enables the processing of the Service Type field that we added to the connection Policy to give access levels.

You can also use radius to Console, web, and telnet authentication, just replace the ssh with the one you want above.

You now can use select AD Credentials to login to the switch. This is part of another project I’m working on which is getting Rancid up and running. I’m hoping to have a post about that up sometime next week.

Posted by randerson at 3:47 pm

Scripting:Cleaning up behind vendor backups

Uncategorized No Responses »
Oct 272010

We all have them, those applications where they perform a backup periodically and place the backup inside the programs folder structure. this is great if you’re trying to recover from a problem within the application, but what about if the hard drive goes? and most of the time, the program just keeps dumping backups and doesn’t clean up old ones.

I wrote this script to handle these two problems. At the beginning of the code you can modify strsrc and srdst to be the source(strsrc) and destination(strdst) that you need for your application. You can also set the age variable to be the number of days you want to retain backups in each directory for.

As always, I don’t claim that my code is pretty, just that it works. feel free to modify or comment on it. 

import shutil, os, stat, time
from datetime import date, timedelta

strsrc = "c:\\program files\\Application\\backup"
strdst = "S:\\bkup"
age = 14

strDeleteFromDate = date.today() - timedelta(days=age)

for files in os.walk(strsrc):
	for item in files[2]:
		strFileLoc = strsrc + "\\" + item
		strdateused = os.stat(strFileLoc).st_mtime
		year, day, month = time.localtime(strdateused)[:3]
		strLastUsed = date(year, day,month)
		if strLastUsed < strDeleteFromDate:
			print "/* ", item, ",", strLastUsed, ", Delete */"
			os.remove(strFileLoc)
		else:
			print "/* ", item, ",", strLastUsed, ", Keep */"
			shutil.copy2(strFileLoc, strdst)

for contents in os.walk(strdst):
	for things in contents[2]:
		strFileLoc = strsrc + "\\" + things
		strdateused = os.stat(strFileLoc).st_mtime
		year, day, month = time.localtime(strdateused)[:3]
		strLastUsed = date(year, day,month)
		if strLastUsed < strDeleteFromDate:
			print "/* ", item, ",", strLastUsed, ", Delete bkup */"
			os.remove(strFileLoc)
		else:
			print "/* ", item, ",", strLastUsed, ", Keep bkup */"
Posted by randerson at 1:33 pm
Older Entries
© 2013 Suffusion theme by Sayontan Sinha