Arricc

Well, its been a while, but I thought I’d share this little snippet.

Theres a big hoo-ha going round at the minute about a number of viruses that are exploiting autorun.inf to spread.

You can read all the gorey details over at CERT “Microsoft Windows Does Not Disable AutoRun Properly”

Essentially, the recommended fix is to set a registry key. I did read somewhere that this makes windows handle the file as a Win95 ini file but sadly I cna’t find the blog/article where I read that anymore.

Approaching this as a sysadmin and wanting to undertake minimal effort to resolve this issue I’ve create a Group Policy adm file to solve apply it to all the machines in an Active Directory domain. I’ve copied the contents below and attached the file to this post.

To use it:

1. Create a new group policy object in your AD
2. Edit it, right click on the Administrative Templates folder and remove all the default ones listed and add the one below.
3. Right click on the Administrative Templates folder and change the view filtering to not hide settings that can’t be fully managed
4. Group poicy editor will now display the setting to disable autorun which will set the appropriate registry key

ADM files are just text. You can either download the one below or copy and paste this (watch for the line wrap on the last line!):
(more…)

I’ve just started using a new (free) service called OpenDNS - http://www.opendns.com - at home and I’ve also set it up at work.

You need to know very little about How The Web Works™ to know that this can be a good thing.

DNS is where your computer takes a name like www.livejournal.com and turns it into a number that is used to route your computer to the right webserver.

OpenDNS doesn’t just give you the correct address for a website. It maintains a list of Phishing websites and redirects these to a safe page warning you about the site you were about to visit.

Of additional interest to me for its use at my work (and to parents who’s kids have access to the Internet) is that they don’t just categorise phishing websites, but they also have categories of adult and mature sites you can bar if you want (once you’ve signed up)

Took me a few minutes to setup (a little extra poking required at work, naturally). Very unintrusive - no software to install, just a couple of settings to change and they have lots of help pages on how to do that.

In response to the amount of comments I’ve had (which are way way more than I was ever expecting!) on my Exchange Mailbox Recovery article, I’ve written a script to convert your guids from the bad format that exmerge gives you to the one thats required for updating the user account.

You can access it here. Please leave any feedback on this post.

So, I’ve been playing with Drupal recently.

At first it did my head in, but then something sorta clicked. Not been near the Taxonomy module yet, but when I do I expect that process to reverse.

Anyway, I decided I needed a module that will allow users to show their LastFM stuff on their profile pages. I couldn’t find one so I wrote one.

I stared out with the Onlinestatus module as it did something very similar to what I was hoping to achieve.

Anyway, the module is attached should you feel so inclined. (Requires the profiles module I think. The one I based it on does anyway, so it probably does too.)

Download: lastfm.tar.gz

Oh my blog, how I’ve neglected you.

Here’s a couple of things I managed to cook up at work this week, again after spending an inordinate amount of time on Google looking for the answer and having to piece it together bit by bit.

The problem: how to store (and retrieve) staff photos in Active Directory. After the first twenty or so webpages I’d decided on using the jpegPhoto attribute. The secondary problem of getting the staff to submit to getting their pictures taken has already been solved by the new photopasses we’re all getting.
(more…)

Today I recovered a single mailbox from backup tapes on an Exchange 2003 server. The user had been deleted from Active Directory. The mailbox had passed the retention time on the server and been purged from the Exchange database.

I found very very minimal documentation on how to do this, it was so sketchy that I was almost afraid to try this.
We only have a single Exchange 2003 Standard server, and I believe that its a little bit simpler if you have Enterprise or more Exchange servers. So, for those of you in the same boat, here’s how to do it. (more…)

So, previously, I detailed how to do web virtual hosting to directories on the file system. This is all well and good, but I want to have users pidgeon holed into their own directories, plus I want users own websites to be stored under their own directories in a similar format to that used in the previous article (eg. /home/user/web/example.org/subdomain)

The problem lies with mapping domain names (example.org) onto user accounts (Alice? Bob?). This is where Apache and mod_rewrite come to the rescue again. On Wintermute I’ve installed Apache 2, but this recipe will work just as well with Apache 1.3. (more…)

Quick greasemonkey script to change links to community.livejournal.com/commname to commname.livejournal.com. Based off the “Always link to full LiveJournal userinfo” script.

Probably doesn’t take into account a bunch of stuff…

Download: changecommunitylivejourn.user.js

So, to reiterate - the main server (Wist) will hold all my own stuff, then I’ll be creating a user Virtual Server (Wintermute) on top of that for users to play with and/or break. All the user stuff is backended in a Xoops database using Xoops groups.

Wist is installed with Debian Sarge using a custom kernel including the vserver patches from Debian. This sort of thing is detailed elsewhere so I won’t go over it again here.

The core server software (all from the Debian archive) will include: Apache 1.3 with PHP4, Apache-SSL, Bind, MySQL 4.1, Exim4, ClamAV and Dovecot (I’ll be detailing the email setup seperately) (more…)

A quick overview of the key combinations you’ll use 99% of the time in screen

Screen is a really really handy little bit of software I leave running on all the Linux boxes I run.

From the man page:

DESCRIPTION
Screen is a full-screen window manager that multiplexes a physical ter-
minal between several processes (typically interactive shells). Each
virtual terminal provides the functions of a DEC VT100 terminal and, in
addition, several control functions from the ISO 6429 (ECMA 48, ANSI
X3.64) and ISO 2022 standards (e.g. insert/delete line and support for
multiple character sets). There is a scrollback history buffer for
each virtual terminal and a copy-and-paste mechanism that allows moving
text regions between windows.

It goes on a bit more at length. (more…)