This video of a presentation by Scott Chacon has helped me start to get my head around Git.
I’ve started experimenting with Git in my current PowerShell project, and I’m going to watch it again, now that I’ve got a little bit of actual expeience.
Powershell, ACLs, and DFS-N
I’m working on some storage issues with our file services, and DFS Namespace services may the the best solution. But I will need to be able to keep the permissions on the DFS folders with targets in sync with the permissions on the target folders. I’m hoping that the new DFS-N PowerShell commands will facilitate this process. However, on my Server 2012 test system, I can’t get the help content to download for the DFSN-related cmdlets.
I did find this gem in the PowerShell Tips of the Week archive:
Windows PowerShell Tip: Working With Security Descriptors
Good stuff.
VSS diagnostics
For the past eight month, I’ve been working with EMC and Microsoft to diagnose a problem. Several time a month, during the backup of our primary Windows 2008 R2 file server, all the VSS shadow copies get deleted for the volume containing all our shared departmental directories.
This has two major effects. First, it means that our clients no longer can recover files using the Previous Versions feature of Windows. Second, it casts significant doubt on the validity of the backups performed at that time, which EMC NetWorker reports as having completed successfully.
We have been unable to find a technical solution to the shadow copy loss, so we will be reconfiguring our storage and shared directories to accommodate the limitations of NetWorker. In the meantime, I want to note a few of resources that have been helpful in diagnosing problems with VSS (it will be easier to find them here than in my pile o’ email):
Volume Shadow Copy Service (TechNet)
Volume Shadow Copy Service (MSDN)
Listing parent of AD object in PowerShell
Recently, I wanted to provide a client with a list of groups that related to some work he was doing. I wanted the group names as well as their location with AD. Although I often use the ds* commands or excellent ADfind tool for this type of task, I had been working in PowerShell on another project, so I decided to use the PowerShell ActiveDirectory module.
The Get-ADGroup Cmdlet pulled out the groups easily enough, but the there wasn’t a property representing the group object’s parent, nor is there an LDAP property that I could request (AFAIK). The object’s parent is contained within the DistinguishedName (DN) property, though.
For a group with the following DN:
CN=FOO-FileServices Administrators,OU=FOO,OU=Departments,DC=uvm,...
I just need to strip off the CN. I could split the DN on commas, remove the first element, and then reassemble what’s left to get the parent. I also needed to avoid splitting on an LDAP-escaped comma where a value actually contains a comma (e.g., CN=).
PS> $dn -split '(?<![\\]),'
HoW PGP Whole Disk Encryption Works
In my discussion and demo at the IT-Discuss Live – Security event in May, I used a short slide deck to describe—in broad terms—how PGP Whole Disk Encryption works. This laid the foundation for working through some common-ish support scenarios.
Having received several requests for a copy of the slides, here they are, in both PowerPoint (.pptx) and PDF formats.
Custom event log queries
I really like the newer event log model on Windows 2008 family, and the flexibility of the XML events and the queries that makes possible.
Recently, I started noticing a quiet failure of a scheduled task. The Task Scheduler thinks that the task completed successfully, though the executable called by the task action returned an error code of 3:
Task Scheduler successfully completed task “\ShareVol_Sync” , instance “{92ac3257-f52d-47eb-9a3a-ce02c5196bbd}” , action “diskshadow.exe” with return code 3.
I wanted to see how long this have been going on, so I switched from the Task Scheduler console to Eventlog Viewer, and navigated to the Operational log under “Applications and Services Logsâ€- Microsoft – Windows – TaskScheduler.
I started by using the using the Filter Current log dialog to select events with Event ID 201, but this included all “Action completed†events for all tasks. So I looked at the XML view for one of the events for the task I was researching. The event includes a data value named “ActionName†with the value “diskshadow.exe†that should allow me to find all the relevant events.
Next, I needed to refine my filter to look for this value in the events. I opened the Filter Current log dialog again, and switched to the XML tab, then checked the Edit query manually option. You get a scary warning about not being able to use the GUI again, but that only applies to the current filter. Be bold: click OK.
Next, I edited the query, following examples from this excellent Ask the Directory Services Team blog post. The query is junk the between the select tags. Originally, the query was simply:
*[System[(EventID=201)]]
To that, I added the following:
and
*[EventData[Data[@Name=’ActionName’] and (Data=’diskshadow.exe’)]]
So that the whole query looks like this:
<QueryList>
<Query Id="0" Path="Microsoft-Windows-TaskScheduler/Operational">
<Select Path="Microsoft-Windows-TaskScheduler/Operational">
*[System[(EventID=201)]]
and
*[EventData[Data[@Name='ActionName'] and (Data='diskshadow.exe')]]
</Select>
</Query>
</QueryList>
Now event viewer shows me only the “Action Completed†events for the diskshadow.exe command, and I can see exactly when the behavior changed.
Note that you can save use the query XML with PowerShell’s Get-WinEvent commandlet’s -filterXML parameter [See an example]. You can also use the Save Filter to Custom View option to make this view persistent.
I routinely review Windows’ Event logs during diagnostics and troubleshooting. I find the ability to query those logs for specific data is an indispensable technique. No more dumping to CSV and running findstr! I hope you find it helpful, too.
Use it up – Brother HL-3070CW Toner
Use it up, Wear it out, Make it do, or Do without.
There are some things that we can’t really do without. But good old Yankee thrift pains me every time I have to replace printer consumables.
I have a Brother HL-3070CW color laser printer at home, which I really like. I selected it specifically because it has an optional straight-through printing path, to reduce curl on heavier stock.
I’ve also discovered that it reports being out of toner based on page count or something, rather than a measure of actual toner remaining. I found two ways to make sure I get the most from my toner cartridges.
First, I found that there’s a menu for resetting the state of toner in the printer.
- Open the top cover
- Press the Cancel and Secure Print buttons together to bring up the toner menu
- Use the + and – buttons to select the toner cartridge to reset, and press OK (twice). Each color (CMYK) has two options, one each for standard and high capacity cartridges.
- When finished, closed the top cover.
In addition, it’s very easy to reset the physical switch on the toner cartridge, as shown in this short video:
Very easy to do.
(Both procedures from http://www.fixyourownprinter.com/forums/laser/39806 )
I’ve used the menu reset option several times, and I haven’t seen any problems with toner coverage on my printed pages.
When I do need to replace the cartridge, I have found the best prices on Amazon and NewEgg.
Script: Shadow Copy Report
We use EMC NetWorker for our enterprise backup solution. Since we migrated our primary file server from a NetApp filer to a native Windows server, we’ve been having a recurring problem with all the Shadow Copies for a volume getting deleted. There are strong indications that the problem is related to the NetWorker backups.
As we have been working on this issue with EMC (since the first week in January!), I wrote a script to tell me two things each morning; how many snapshots exist for each volume, and what VSS errors were logged, if any.
I thought someone might find it useful, so I’ve posted it as a separate page (the script doesn’t fit nicely in the column on the blog).
Webmail on a Netbook
Amid the praise for and complaints about the newer version of webmail, we received a plea from a netbook user. She pointed out that the new layout made it very difficult to navigate among her mail folders. I use a netbook myself, and I thought I’d share some things that we can do to improve our browsing from a netbook. Specifically, we’re going to take webmail from this:
to this:
Custom FSRM notification script
I’ve been working on a script to generate an informative message to users when they exceed quota thresholds on our file server. The features of the File Server Resource Manager (FSRM) provides a variety of useful variables that can be plugged into an automated email. However, we have found that it’s often very useful to provide more information about the kind of files that a user is storing, something akin to the output of the very useful and free utility WinDirStat.
I’ve made progress on the script that generates the email. However, I’ve run into a snarl in trying to configure the quota notification to run the script. The script runs just fine from a command prompt, even from a command prompt running as the Local System account. But when I trigger an FSRM event that should drive the script, I get an error in the Application Log: