vRanger Automated Savepoint Cleanup

In our environment, we have configured vRanger to back up with the equivalent of 2 full backups and 6 incrementals before the earliest backup is overwritten. This provides some protection against a single full backup becoming corrupted for whatever reason and rendering the entire backup of that virtual machine useless. However, this configuration does add a significant complication. Because vRanger requires that a backup be written successfully before purging the oldest one, this means that we require 3x the space on our backup repository as is used in the production environment. As most of our VMs are in the 50 to 100GB range, this is acceptable. However, we have 4 VMs that are at or over 1TB in size. This means that we require 4TB * 3 copies = 12TB of disk space on our repository just for these VMs! This doesn’t even include the incrementals either. We simply do not have enough space on our backup repository at this time to support this along with all of our other VMs so a compromise was required.

vRanger jobs unfortunately do not allow for any kind of granularity in VM backup configuration so we are unable to adjust for these VMs there. We could create separate jobs for these VMs but that introduces complications of its own. The ultimate solution that I worked out was to write a PowerShell script to run as a scheduled task each day that automatically deletes the oldest full backup for these VMs provided at least 2 exist. It seems to work fairly well so I figured I’d include it here should it be useful to anyone else.

 


HOWTO: Compare your weight to famous celebrities

This is going to be one of the more unusual HOWTOs I’m likely ever to produce for this site. It all started earlier today when I asked myself a seemingly simple question:

What is the average weight of famous celebrities that are roughly my height and age?

I was curious because I was wondering how far off the mark I currently was in terms of weight compared to what pop culture considers attractive.
In this day and age, finding the stats on celebrities is frighteningly simple. Aggregating those stats into something meaningful to my question however proved to be more complex.
First and foremost, I’d like to give full credit to the website on which the following information is based:

http://www.celebheightandweight.com/actor.html

With that out of the way, let’s have a look at their site:

It looks nice enough. The vital statistics of over 400 celebrities are listed here. However, filtering it to get the information I wanted was impossible.
The only option then would be to extract and compile the data myself. Let’s begin shall we?


HOWTO: Ultimate Powershell Home Drive Verification Script

The script below was designed to solve the following problem in my environment. We have 32 discrete home servers scattered across Canada and thousands of employees that use them. The problem was that we appeared to have many times more folders than we did employees. This turned out to be the result of having an incomplete take down process for terminated employees that ran for an extended period of time. I therefore needed to write a script to identify all of the folders that were no longer used and could be archived or deleted.

This proved to be far more complex than I first suspected for at least the following reasons:

– Manually providing a list of home servers had the potential to miss entire file servers in a larger environment
– The folder names of the home drives did not always (often) match the username either due to spelling mistakes or varying conventions (firstname.lastname, firstnamelastinitial, lastnameonly, etc)
– The ACLs on the folders may not have been configured correctly and so the user couldn’t access it anyway
– The home drive was not configured in active directory for the user so they couldn’t use the folder even if it existed
– The folder ACL only contained SIDs as the employee account was deleted
– The ACL on the folder only contained the username from an obsolete but still around domain
– The user was terminated but their account was never disabled
– Someone else was given access to a folder and so even though the employee is terminated, we don’t want to remove it
– The user account had been deleted from Active Directory entirely
– The user account was created but the employee never started and so the account was never logged into
– The folder is only accessible to administrators
– The user moved to a new site and their OU was updated but their home drive was not so they are now accessing data over the WAN
– The account is in fact disabled or the account expiry is set
– and still more


HOWTO: Write Japanese on a computer

I’ve decided to try to learn some of the basics of the Japanese language. At first I thought I’d limit myself to memorizing some spoken phrases only but I found myself increasingly curious about how the Japanese writing system works. I installed the Japanese keyboard on my tablet and… was immediately overwhelmed. “How could anyone make sense of this?” I thought. Rather than leave that as an open question however, I decided to answer it. I put the results of my research into a bite-sized, digestible blog post. This is not designed to teach Japanese (because lord knows I’m the least qualified person in the world to do so) but rather describes how to simply write Japanese on a computer and in doing so demonstrates how incredibly complex the entire process is. I have a whole new respect for the Japanese people for being able to make this language work.

If you’ve ever been curious how basic Japanese comes together into a coherent form but didn’t ever care enough to actually investigate yourself, this blog post is for you.

 

This HOWTO will describe what I have determined to be the requisite knowledge required to write Japanese on a Windows desktop computer. In this example we will be using Windows 8.1.

  • First, Install the Japanese “Input Method Editor” (more commonly known as an IME)
    • Go to Start / Control Panel / Language
    • Choose Add a Language
    • Select Japanese and press OK.
  • You will now have the IME appear in the bottom right corner of your screen
  • By default, it will show up with an English “A” to indicate that you are typing with the English

  • Click on the “A” once and it will change to the character which also sounds like “ah” in Japanese
  • Right click on this system tray icon and you will be presented with a menu


I have a wall!

My certification journey has produced its first physical fruit.

 

Microsoft, what are you doing!?!

Windows 8.1 has now been officially released.  I tried to download the update but ran into a design decision Microsoft has made that I honestly can’t explain.

 

I discovered the only official way to download Windows 8.1 is by logging into the Windows Store using your Microsoft account. I’m not sure if you installed Windows 8 yet but during the installer you’re asked to associate your machine to a Windows Live/Passport account. They try pretty hard to make it seem mandatory too with how they present the UI. I saw no value in linking my home personal login account to “the cloud” so I jumped through the hoops to set up a local account.

 

However, when I try to launch the Windows Store now to download the update, I’m told I need to complete the association step in order to proceed. I opted not to do that and instead started Googling to find a download of the Windows 8.1 installation media.

 

It turns out though that Microsoft “has not released the ISO media for Windows 8.1. Please use the Windows Store to upgrade to Windows 8.1.”

 

Think about the implications of this for a moment. If you’ve got 4 computers in your house for your family all running Windows 8 that you’d like to upgrade, you have to go to each machine individually and re-download the 3.5GB installer. This is compounded by the fact that Microsoft’s download service is slow not only because of everyone trying to get it on release but because so many people are now forced to re-download it that otherwise never would. Think back to Windows XP SP3. It was primarily only available via Windows Update. They did that so it’d only have to download the bits you needed. However Microsoft also provided a “link for IT professionals” that included the entire thing so that it can be installed offline or for multiple machines. Microsoft has made that process now impossible. In fact, based on my research, even small businesses with n number of machines are still going to have to upgrade each machine by hand. Why? Microsoft is releasing the ISOs, but only for their Enterprise customers with Volume License agreements.

 

I just can’t get over how insane a design decision this is.  The only real advantage I can see for them by doing this is that by forcing everyone to upgrade from the source, they can get more accurate upgrade telemetry and statistics along with increasing the install base for their online store, just like they did by removing solitaire from the retail release.  Is that really worth it?

 
 

There is apparently a trick that some people have had success with though which involved registering for a Windows 8 trial to get a trial key, downloading Windows 8, pausing the download manager at 1%, starting another download which apparently grabs the 8.1 EBD file which saves into some folder 5 levels deep and then using some tool to convert the EBD file into a bootable ISO. I admire the dedication in the community but seriously?

 

There are also of course torrents for it.  But this is the first goddamn Windows I outright paid for (Granted it was only $15).  Why the hell has Microsoft abandoned a technique they’ve encouraged since the dawn of high speed Internet — especially considering it’s a free update?

 

The mind boggles.  I’ll probably end up registering my live account to my Windows 8 install so I can download this thing so they’ll win on that front.  But since Microsoft encourages us to be efficient in their exams, I present an exam question for you:

 

You are a Network Administrator for Contoso.com.  You have 6 identical Windows 8 machines purchased from the same manufacturer running Windows 8.0 using retail product keys.  All computers are connected to the same ADSL modem with 5mbps of downstream bandwidth.  You need to upgrade these machines to Windows 8.1 with the least administrative effort.  Your solution must minimize bandwidth usage.  What do you do?

 

I don’t know the answer to this question for certain, but all signs point to d) Suck it up and manually download 21GB of updates and manually go to each machine to install it.

 

Or it might be c) Wait until Microsoft realizes how stupid this is and releases a standalone installer.


The Right Way to Take Screenshots

Being in IT means I have to take a lot of screenshots for use in various kinds of documentation. With the release of Windows Vista/7, Microsoft included the “Snipping Tool” which proved to be an invaluable improvement over any free solution I used at the time.  That is to say, alt-print screen and mspaint. Snagit was always available but not only was it a commercial product but it grew to be a beast in terms of functionality and size. I just wanted a simple screenshot tool that would allow for simple annotations.

Once I started posting this blog more regularly, I quickly realized I needed a way to obfuscate certain work related screenshots before publication. Using the snipping tool, this proved to be a pain in the butt as there are no shape tools… or anything really. With that in mind I finally decided to sit down and “see what’s out there” for free screenshot solutions. As you might expect, there are many, many of them. Over the course of nearly 2 hours, I installed more than a dozen tools. Some promising, some crap but none of them did exactly what I wanted.

My objective was to find a tool that met the following requirements:

  • Tiny in file size, memory footprint and UI
  • Portable (that is to say no installation is necessary)
  • Supports keyboard shortcuts so I can press a single key combination to select a region of the screen
  • Simple annotation tools (I would have been fine with the ability to draw only boxes)


HOWTO: Create an artificial slow WAN connection

I’m studying up on BranchCache and needed a way to simulate a low speed WAN connection. I found someone who referenced a tool written by some guy who works for Microsoft called the Network Emulator for Windows Toolkit. It allows you to simulate just about any kind of network connection or network level of reliability.

 

You want a connection with 60ms response time, 2% packet loss and 512k down and 128k up? You got it. I took a few sample screenshots from the product as I was testing it out:



HOWTO: High Level Configuration of Dynamic Access Control

I have been playing around with Dynamic Access Control in Windows Server 2012 for a few hours now and finally got it doing something useful. I wanted to document in broad terms what steps were needed to configure DAC:

 

  • Edit your default Domain Controllers policy and enable support for Claims
    • Claims are essentially the ability to perform authentication look ups based on any attribute stored in Active Directory
    • Computer Configuration / Policies / Administrative Templates / System / KDC / KDC support for claims, compound authentication and Kerberos armoring = Enabled

       

  • Open up the Active Directory Administrative Center and go to Dynamic Access Control section
    • Select Claims Type
    • Create a new claim type for the AD attribute you want to authenticate with (i.e. Job title)
      • Select the AD attribute from the existing list, give it a friendly name and set the Suggested Values to what you’re going to look up
    • Select Resource Properties next and go to New / Reference Resource Property
      • Choose the claim type you created before and assign it either a multi-value choice (This will allow you to perform more complex logic later on)
    • The reason for creating these claim types and resource properties is so that they are selectable on any of your File Servers with the FSRM role installed automatically
    • In order to push them out, go to Resource Property Lists, edit the Global Resource Property List and add the resource properties you created
    • Next, select Central Access Rules and create a new rule. Under Target Resources, assign the resource property you created. This will mean this rule will apply to any objects that have this classification configured
    • Under Current Permissions, press Edit and apply permissions using Conditions similar to what you see below. Note for the Principal, use Authenticated Users. That means this will apply to everyone for the restrictions
      • It’s obvious this can get insanely granular and therefore it’s up to us as administrators to exercise significant restraint at every opportunity. Just because you can, doesn’t mean you should
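
The Active Directory Administrative Center steps above can also be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original post: the `JobTitle` names, the suggested values, the rule name and the read-only permission are assumptions for illustration, and it assumes the KDC claims policy from the first step is already enabled.

```powershell
# Added example: scripts the ADAC steps above on a Windows Server 2012 domain.
# All names and values below are assumed for illustration.
Import-Module ActiveDirectory

# Suggested values offered by both the claim and the file classification.
$entryType = 'Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry'
$values = @(
    (New-Object -TypeName $entryType -ArgumentList 'Manager', 'Manager', 'People managers'),
    (New-Object -TypeName $entryType -ArgumentList 'Analyst', 'Analyst', 'Analysts')
)

# 1. Claim type backed by the AD "title" attribute (the "Job title" case above).
$claim = New-ADClaimType -DisplayName 'JobTitle' -SourceAttribute 'title' `
    -SuggestedValues $values -PassThru

# 2. Reference resource property that shares the claim's suggested values.
#    Multi-valued choice, so a folder can be tagged with several titles.
$prop = New-ADResourceProperty -DisplayName 'JobTitle' -IsSecured $true `
    -ResourcePropertyValueType 'MS-DS-MultivaluedChoice' `
    -SharesValuesWith $claim -PassThru

# 3. Publish the property so file servers with FSRM can select it.
Add-ADResourcePropertyListMember -Identity 'Global Resource Property List' -Members $prop

# 4. Central access rule.
#    Target resources: anything classified with the "Manager" value.
$resourceCondition = '(@RESOURCE.' + $prop.Name + ' Contains {"Manager"})'

#    Current permissions: administrators and SYSTEM keep full control (FA);
#    Authenticated Users (AU) get read (FR) only when the user's title claim
#    matches one of the values set on the resource.
$currentAcl = 'O:SYG:SYD:AR(A;;FA;;;BA)(A;;FA;;;SY)' +
    '(XA;;FR;;;AU;(@USER.' + $claim.Name + ' Any_of @RESOURCE.' + $prop.Name + '))'

New-ADCentralAccessRule -Name 'JobTitle Rule' `
    -ResourceCondition $resourceCondition -CurrentAcl $currentAcl

# Review what was stored before relying on it.
Get-ADCentralAccessRule -Identity 'JobTitle Rule' -Properties * |
    Format-List Name, ResourceCondition, CurrentAcl
```

The rule has no effect on its own: it still has to be added to a central access policy and applied to the file servers, which this excerpt does not cover.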


IPv6 Cheat Sheet

I found this cheat sheet for IPv6. It is very handy as it includes a column for IPv4 equivalents.

http://www.ripe.net/lir-services/new-lir/ipv6_reference_card.pdf

Through this I was able to confirm that:

FF00:: is for multicast addresses and is similar to 224.0.0.0
2001:: is for Teredo (allows IPv6 to tunnel through IPv4 NATs)
FC00: and FD00: are called Unique Local Addresses or ULAs and are similar to private IPs in IPv4 (à la 192.168/172.16/10.0.0)
FE80: are Link Local Addresses and are similar to the APIPA address (169.254)