Wednesday, December 22, 2010

resetting windows local security policy is annoying

sometimes you just need to remove a system from one ad domain and add it to another. a problem is that the other domain's registry settings get tattooed. yuck.

well, i like to just reset everything, because i'm lazy that way. as administrator at the command prompt...

for xp & server 2003:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

for vista:
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

Friday, December 17, 2010

solaris 10, mount those automounts, please?

Solaris and failing mounts get me depressed sometimes. After you've rebooted a machine your nice UDP NFS mounts just don't go or you've made a change in one of your auto defs and your brain is addled because you work with so many variants of Solaris it just isn't funny anymore.

Solaris 8 and 9 were pretty easy. To restart the service (which wasn't one) after you've mucked about in /etc/auto_master &c.:
# /etc/init.d/autofs stop; /etc/init.d/autofs start

Solaris 10 is different. The init script is no longer there, and autofs has become a service. To figure out if is running and to (re)start it after doing what you need to do, follow this sequence:
# svcs | grep auto
legacy_run     14:14:53 lrc:/etc/rc2_d/S72autoinstall
online          9:51:27 svc:/system/filesystem/autofs:default
# svcadm -v restart svc:/system/filesystem/autofs:default
Action restart set for svc:/system/filesystem/autofs:default.
cd to your newly mounted dirs and away you go.

Tuesday, December 14, 2010

sometimes root needs quick gui action

Really? As much as I loathe to do it, sometimes root needs kde console access in ubuntu.

# sed -i 's/AllowRootLogin=false/AllowRootLogin=true/g' /etc/kde4/kdm/kdmrc

When you're done. Undo it.

Oh, if root's not enabled:
# usermod -U root

Friday, December 10, 2010

missile command and mac addresses

Network access blocking using MAC addresses is sometimes like missile command or whack-a-mole depending... you find an errant client, and you tell your firewall-router to block said MAC. What do you do if you're on the receiving end? Change the MAC programmatically, of course.

My ethernet controller is eth0 and has MAC address (or Hardware Address) is 00:0f:1f:f7:b1:64 . I know that there are no MACs with HWaddr 00:0f:1f:f7:b1:65 on the network. Let's change that MAC address.
# ifconfig eth0 down
# ifconfig eth0 hw ether 00:0f:1f:f7:b1:65
# ifconfig eth0 up
Take that! Now, you can very very easily have a little tee script and substitute away every time you're disallowed. But, come on, what tomfoolery are you up to that'd make you programatically denied network access?