Thursday, September 29, 2016

spacewalk-repo-sync, CentOS 7

I have create a huge collection of CentOS 7 child channels:

CentOS 7 Base x86_64
centos-7-updates-x86_64
centos-7-extras-x86_64
spacewalk-client-2-5-rhel-7-x86_64
epel-7-x86_64
spacewalk-2-5-rhel-7-x86_64
nux-dextop-el7-x86_64
trinity-r14-el7-x86_64
jpackage-5-generic-free
zabbix-24-rhel-7-x86_64
postgresql-95-rhel-7-x86_64

This is how I sync it:
cat > /root/sync-repo.sh << EOF
spacewalk-repo-sync -c centos-7-base-x86_64 --sync-kickstart
spacewalk-repo-sync -c centos-7-updates-x86_64
spacewalk-repo-sync -c centos-7-extras-x86_64
spacewalk-repo-sync -c spacewalk-client-2-5-rhel-7-x86_64
spacewalk-repo-sync -c epel-7-x86_64
spacewalk-repo-sync -c spacewalk-2-5-rhel-7-x86_64
spacewalk-repo-sync -c nux-dextop-el7-x86_64
spacewalk-repo-sync -c trinity-r14-el7-x86_64
spacewalk-repo-sync -c jpackage-5-generic-free
spacewalk-repo-sync -c zabbix-24-rhel-7-x86_64
spacewalk-repo-sync -c postgresql-95-rhel-7-x86_64
EOF
chmod +x /root/sync-repo.sh
cd /root
./sync-repo.sh

Wednesday, September 28, 2016

Create static DNS record, RouterOS 6

Go for IP -> DNS. Write down router gateway IP address as first DNS server.
Open static record configuration:

Create new record:

Make sure you create a record with dot (.) inside. In this example router will not work but spacewalk.pro will work instantly :)

Thursday, September 22, 2016

Install Deluge on CentOS 7

Install EPEL repository:
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm
Install nux repository:
wget http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
rpm -ivh nux-dextop-release-0-5.el7.nux.noarch.rpm
Install deluge daemon and web interface which will be accessible through port 8112.
yum -y install deluge-web
Start service:
systemctl start deluge-web
Add firewall exception:
firewall-cmd --permanent --zone=public --add-port=8112/tcp
firewall-cmd --reload
#systemctl stop firewalld
Go to web interface http://x.y.z.w:8112/. Use password deluge.

Tuesday, September 20, 2016

Visio 2013 silent install, uninstall, detection, xml

setup.xml:
<Configuration Product="VISSTD">
<Display Level="none" CompletionNotice="no" SuppressModal="yes" AcceptEula="yes" />
<Setting Id="SETUP_REBOOT" Value="Never" />
<PIDKEY Value="AAAAABBBBBCCCCCDDDDDEEEEE" />
</Configuration>

silent-install.cmd
start /wait "" "%~dp0setup.exe" /config "%~dp0setup.xml"

silent-uninstall.cmd
start /wait %~dp0setup.exe /uninstall VISSTD /config %~dp0setup.xml

silent-install-with-detection.cmd
@echo off
setlocal EnableDelayedExpansion
set sw=HKLM\SOFTWARE
set u=Microsoft\Windows\CurrentVersion\Uninstall
set k=Office15.VISSTD
if not "%ProgramFiles(x86)%"=="" set x=Wow6432Node\
reg query "%sw%\%x%%u%\%k%" > nul 2>&1
if not !errorlevel!==0 (
start /wait "" "%~dp0setup.exe" /config "%~dp0setup.xml"
) else echo Visio 2013 already installed!
endlocal

silent-uninstall-with-detection.cmd
@echo off
setlocal EnableDelayedExpansion
set sw=HKLM\SOFTWARE
set u=Microsoft\Windows\CurrentVersion\Uninstall
set k=Office15.VISSTD
if not "%ProgramFiles(x86)%"=="" set x=Wow6432Node\
reg query "%sw%\%x%%u%\%k%" > nul 2>&1
if !errorlevel!==0 (
start /wait %~dp0setup.exe /uninstall VISSTD /config %~dp0setup.xml
) else echo no Visio 2013 found!
endlocal

Monday, September 19, 2016

Set VHD native boot, bcdedit

This is second part of bcdedit basic usage.
Here is first part how to backup menu, clone entry and restore from backup.

This time I already have two menu entries which simply do the same thing. I will modify the last entry and set operating system to boot from VHD file for this last entry.
bcdedit /enum

Now I want to modify "Another OS" and set custom VHD image. To do it so I use identifier (purple in the screen) of "Another OS" .
bcdedit /set {792b5050-7a8f-11e6-9050-001a4b742bac} device vhd=[locate]\win7x64ultimate.vhd
bcdedit /set {792b5050-7a8f-11e6-9050-001a4b742bac} osdevice vhd=[locate]\win7x64ultimate.vhd

[locate] means that the boot manager will look for vhd image in all available drives automatically. Another thing is I need to leave enough free space on my real drive as big it is inside vhd file otherwise i will get and error on boot up. For example if the operating system has 127 gigabytes disk then I need this much free space before I boot into VHD.

This is how it looks like at the end:
bcdedit /enum

Finally I can force again boot menu time out to 10 seconds:
bcdedit /timeout 10

Friday, September 16, 2016

Project 2007 silent install, uninstall, detection, xml

setup.xml:
<Configuration Product="PRJSTD">
<Display Level="none" CompletionNotice="no" SuppressModal="yes" AcceptEula="yes" />
<Setting Id="SETUP_REBOOT" Value="Never" />
<PIDKEY Value="AAAAABBBBBCCCCCDDDDDEEEEE" />
</Configuration>

silent-install.cmd
start /wait "" "%~dp0setup.exe" /config "%~dp0setup.xml"

silent-uninstall.cmd
start /wait "" "%~dp0setup.exe" /uninstall PRJSTD /config "%~dp0setup.xml"

silent-install-with-detection.cmd
@echo off
setlocal EnableDelayedExpansion
set sw=HKLM\SOFTWARE
set u=Microsoft\Windows\CurrentVersion\Uninstall
set k=PRJSTD
if not "%ProgramFiles(x86)%"=="" set x=Wow6432Node\
reg query "%sw%\%x%%u%\%k%" > nul 2>&1
if not !errorlevel!==0 (
echo MS Project 2007 not found. Installing now..
start /wait "" "%~dp0setup.exe" /config "%~dp0setup.xml"
echo Installation ended with error code !errorlevel!
) else echo Project 2007 already installed!
endlocal

silent-uninstall-with-detection.cmd
@echo off
setlocal EnableDelayedExpansion
set sw=HKLM\SOFTWARE
set u=Microsoft\Windows\CurrentVersion\Uninstall
set k=PRJSTD
if not "%ProgramFiles(x86)%"=="" set x=Wow6432Node\
reg query "%sw%\%x%%u%\%k%" > nul 2>&1
if !errorlevel!==0 (
start /wait "" "%~dp0setup.exe" /uninstall PRJSTD /config "%~dp0setup.xml"
) else echo no Project 2007 found!
endlocal

Thursday, September 15, 2016

Create new Windows boot manager entry, bcdedit

Destroy windows boot loader is very easy so I need to learn some commands first :)

Open cmd in "Run As Administrator" mode.

List boot loader configuration:
bcdedit /enum
this usually reports two entries.

Backup boot loader configuration:
bcdedit /export c:\backup20160914
This will create 4 files:
Create a new Entry:
bcdedit /copy {default} /d "Another OS"
This command always returns some entry ID which I need to use to set some details

Now I need to list again boot loader configuration:
bcdedit /enum
Now it has three entries.

I need to make sure that time out is good for this computer. Lets set 10 seconds
bcdedit /timeout 10
I can really restart computer and check if there is multi menu to boot operating systems at computer startup.

Sunday, September 11, 2016

Can not see complete list of IE trusted sites

Trusted sites screen is locked and I can not scroll down to view complete list:

One workaround is look this list though registry. Just go to:
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
I have to open registry with user permissions otherwise it wont work.

Working With AD Users, PowerShell

#Show all Locked accounts in Active Direcotry
Search-ADAccount -LockedOut | select Name, SamAccountName

#Unlock user accounts one by one with confirmation
Search-ADAccount -LockedOut | Unlock-AdAccount confirm

#Show all AD users in alphabetical ordet
Get-ADUser -filter * -Properties name | sort name | % { $_.name } 

#Show the newest users in AD
Get-ADUser -filter * -Properties whenCreated,name | sort whenCreated | ft whenCreated,name -AutoSize

#Show the oldest users
Get-ADUser -filter * -Properties whenCreated,name | sort whenCreated -Descending | ft whenCreated,name -AutoSize

#Show hard working people
Get-ADUser -filter * -Properties PasswordNeverExpires,name | ? { $_.PasswordNeverExpires -eq $false } | sort name | % { $_.name }

#Show lazy bastards
Get-ADUser -filter * -Properties PasswordNeverExpires,name | ? { $_.PasswordNeverExpires -eq $True } | sort name | % { $_.name }

#List all email addresses for user orinoko
Get-ADUser orinoko -Properties msExchShadowProxyAddresses | % { $_.msExchShadowProxyAddresses }

#Which user has email address orinoko@gmail.com assigned
Get-ADUser -filter * -Properties msExchShadowProxyAddresses,name | ? { $_.msExchShadowProxyAddresses -like "*orinoko@gmail.com*" } | % { $_.name }

#Show users with expired password
Get-ADUser -Filter * -Properties name,PasswordExpired | ? { $_.PasswordExpired -eq $true } | sort name | ft name -AutoSize

#Show active users with expired password
Get-ADUser -Filter * -Properties name,Enabled,PasswordExpired | Where-Object { $_.Enabled -eq $true -and $_.PasswordExpired -eq $true } | sort name | ft name -AutoSize

#Show Disable AD users
Get-ADUser -Filter * -Properties name,Enabled | Where-Object { $_.Enabled -eq $false } | sort name | ft name -AutoSize

#Show Disabled users with expired password
Get-ADUser -Filter * -Properties name,Enabled,PasswordExpired | Where-Object { $_.Enabled -eq $false -and $_.PasswordExpired -eq $true } | sort name | ft name -AutoSize

#Show users which are supposed to used the system but has never used it
Get-ADUser -Filter * -Properties LastLogonDate,name,Enabled | Where-Object { $_.Enabled -eq $true -and $_.LastLogonDate -eq $null } | sort name | ft name -AutoSize

#Show newly created users which are superposed to change password at first logon
Get-ADUser -Filter * -Properties LastLogonDate,name,Enabled | Where-Object { $_.Enabled -eq $true -and $_.LastLogonDate -eq $null -and $_.PasswordExpired -eq $true } | sort name | ft name -AutoSize

#Possible hacker attempts
Get-ADUser -Filter * -Properties name,badPwdCount,Enabled,LockedOut,LastLogonDate,accountExpires | ? { $_.badPwdCount -gt 0 } | ft name,badPwdCount,Enabled,LockedOut,LastLogonDate,accountExpires -AutoSize

#Which user can not enter correct password
Get-ADUser -Filter * -Properties name,LastLogonDate,badPwdCount | ? { $_.badPwdCount -gt 0 } | sort LastLogonDate | ft name,LastLogonDate

#Add AD group to all users located in specific OU
Get-ADUser -Filter * -SearchBase "OU=Service Users, DC=contoso,DC=com" -Properties Name, EmailAddress | % { Add-ADGroupMember -identity "Contoso Service Users" -Member $_.DistinguishedName }

#Search all active users without users in groups Service Users, Domain Admins, Brokers
Get-ADUser -filter {(Enabled -eq $True)} -Properties LastLogonDate | ? { ($_.memberof | Out-String) -notmatch "Service Users|Domain Admins|Brokers"}| sort LastLogonDate | ft Name,SamAccountName,LastLogonDate -AutoSize

Saturday, September 10, 2016

Booting from a VHD is not supported on this system

I got Windows 8.1 Professional and I am trying boot Windows 7 VHD via native boot. The Windows 7 boot up logo shows up but now I got this message:
License Error
Booting from a VHD is not supported on this system

Turns out that I can only boot Widows 7 unless it is Ultimate or Enterprise version.
Luckily for my I found and created some Windows 7 Ultimate VHD and now it boots very good :)

Friday, September 9, 2016

Windows 10 bootable ISO with install.esd

install.esd is used for maximum space saving either it is inside iso file or either it is internet bandwidth. The only way I found to work with install.esd file is to convert it to install.wim, work with it and then convert it back.

How do I create Bootable Windows 10 media with customized install.esd inside?

In this case at first I have my Windows 10 base tools package installed.

The first step as always is to open ESDtoISO to convert original windows ESD file to ISO based stuff. I use option 2 to Create ISO with Compressed INSTALL.ESD

And the process completes:

The en_windows_10_pro_10240_x64_dvd.iso file has been created:

I extract this file to C:\iso
Overwrite C:\iso\sources\install.esd with customized install.esd file.

It is time for new ISO file creation.
Deployment Tools package still must be installed and now I execute:
"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg\oscdimg.exe" -b"c:\iso\boot\etfsboot.com" -h -u2 -m -l"win10x64" "c:\iso" "c:\win10x64.iso"
Or if using 32-bit media then I run:
"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg\oscdimg.exe" -b"c:\iso\boot\etfsboot.com" -h -u2 -m -l"win10x86" "c:\iso" "c:\win10x86.iso"
This will create file C:\Win10x64.iso or C:\Win10x86.iso.

Thursday, September 8, 2016

.NET 3.5 inside install.esd, Windows 10

The fastest way to get .NET 3.5 inside install.esd is to convert install.wim witch already includes .NET 3.5. I have done this in Inject .NET 3.5 into install.wim

In this case I still have C:\iso directory which include c:\iso\sources\install.wim which include .NET 3.5 inside it :)

I still have C:\ESD2WIM-WIM2ESD-wimlib-3 installed on my computer

Now I move install.wim to directory where conversion will happen:
move c:\iso\sources\install.wim C:\ESD2WIM-WIM2ESD-wimlib-3
Open C:\ESD2WIM-WIM2ESD-wimlib-3,
right click on convert.cmd, select "Run As Administrator":

This will take really long time!

Wednesday, September 7, 2016

Inject .NET 3.5 into Windows 10 install.wim

Before doing any of these steps Windows 10 Slipstream and Conversion Tools must be installed and Zero Touch Bootable ISO of Windows 10 must be created.

This time I will inject .NET framework 3.5 inside install.wim.

Lets extract en_windows_10_pro_10240_x64_dvd.iso to c:\iso

Now go Start -> All Programms -> Windows Kits -> Windows ADK ->
Right click on "Deployment and Imaging Tools Environment" and select "Run As Administrator"

Lets check if the basic information function works:
dism /get-wiminfo /wimfile:c:\iso\sources\install.wim
This will report something like this:
Create mounting directory:
if not exist c:\mount md c:\mount
Mount install.wim:
dism /mount-wim /wimfile:c:\iso\sources\install.wim /index:1 /mountdir:c:\mount
Slipstream .NET 3.5:
dism /image:c:\mount /enable-feature /featurename:NetFx3 /all /limitaccess /source:c:\iso\sources\sxs
Unmount install.wim:
dism /unmount-wim /mountdir:c:\mount /commit
Remove mounting directory:
if exist c:\mount rd c:\mount /Q /S
Create iso file:
"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg\oscdimg.exe" -b"c:\iso\boot\etfsboot.com" -h -u2 -m -l"win10x64" "c:\iso" "c:\win10x64.iso"
If using 32-bit media then I run:
"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg\oscdimg.exe" -b"c:\iso\boot\etfsboot.com" -h -u2 -m -l"win10x86" "c:\iso" "c:\win10x86.iso"
Now I have Windows 10 installation with .NET 3.5 inside:
C:\win10x64.iso

Tuesday, September 6, 2016

Create Zero Touch Bootable ISO, Windows 10 ESD

Windows 10 Slipstream and Conversion Tools must be installed before doing this!

Go to C:\ESDtoISO, right click on ESDtoISO.cmd and select "Run As Administrator":

Choose first option to create standard install.wim.
I choose first option cause i will later slipstream features like .NET 3.5 inside it.

While the conversion process happens I copy autounattend.xml to C:\ESDtoISO\ISOFOLDER:

At the end I have bootable automated ISO file:
C:\ESDtoISO\en_windows_10_pro_10240_x64_dvd.iso

Monday, September 5, 2016

Windows 10 Slipstream and Conversion Tools, ESD

Windows 10 can be downloadable in ESD format which saves internet bandwidth a bit. After all there are two types of ESD files. One type of ESD is a clone of DVD image but very compressed. Second type of ESD file is just install.esd which is same as install.wim but very compressed.

I use these links as Windows 10 source files:
http://b1.download.windowsupdate.com/d/updt/2015/07/10240.16384.150709-1700.th1_clientpro_ret_x64fre_en-us_9d40e15f430ab89a1eabb165acbf40c9f07d18bb.esd http://b1.download.windowsupdate.com/d/updt/2015/07/10240.16384.150709-1700.th1_clientpro_ret_x86fre_en-us_83d0ecebe1ccdde08a144a34df656d2af48c6b84.esd
I keep one of the ESD file in C:\ESDtoISO directory.

To convert ESD DVD image to ISO format I use ESDtoISO.
https://drive.google.com/file/d/0B6XjkIrefxmZbXIySUVPYURrOGM/view?usp=sharing
6355a0d7dcaf376c1d466750d5b13dd4
9ff7e9ca59e692c6b7614fea7b286c8d429bd5d3
I keep extracted this application under C:\ESDtoISO

To create Windows 10 zero touch installation I use this autounattend.xml file.
I keep this file in C:\ESDtoISO

For install.wim and install.esd conversion I use ESD2WIM-WIM2ESD-wimlib-3
https://drive.google.com/file/d/0B6XjkIrefxmZbnh0b0ZYczNlY0E/view?usp=sharing
6737bcea44267180a0c234f6ba182ca5
1071a5563721fe458e5cdc475faede35e7b4f5c5
I keep the files extracted under C:\ESD2WIM-WIM2ESD-wimlib-3

To create bootable iso file from extracted DVD iso file, add futures like .NET 3.5 I need to install Windows Assessment and deployment Kit 10. This package requires Windows 7 or later. I need to install only "Deployment Tools" component:

Blog Archive