' WMI Script - ChangeSN.vbs
' sorinakis@g***.com
'**************************
On Error Resume Next
Dim VOL_PROD_KEY
VOL_PROD_KEY = "12345123451234512345" 'put here the real license without dashes
Dim WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.RegDelete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents\OOBETimer" 'delete OOBETimer registry value
For Each Obj In GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf("win32_WindowsProductActivation")
    result = Obj.SetProductKey(VOL_PROD_KEY)
    If Err <> 0 Then
        WScript.Echo Err.Description, "0x" & Hex(Err.Number)
        Err.Clear
    End If
Next
In the void is virtue, and no evil. Wisdom has existence, principle has existence, the Way has existence, spirit is nothingness.
Friday, November 27, 2015
ChangeSN Windows XP
Recreate Offline Address Book - Exchange 2010
1. Create a new OAB.
   a. Open Exchange Management Console, expand “Organization Configuration” -> “Mailbox”.
   b. Click the “Offline Address Book” tab. Right click the blank area and click “New Offline Address Book”.
   c. Type a different OAB name and click “Browse” to select the Exchange 2010 mailbox server as the OAB generation server.
   d. Check the “Include the default Global Address Lists” option. As shown below:
   e. Click “Next” and check the “Enable Web-base distribution” option and the “Enable public folder distribution” option. Click “Add” to select the default OAB virtual directory.
   f. Click “Next”, click “New” and click “Finish” to complete the creation process.
2. Restart related services.
   a. Restart the “Microsoft Exchange System Attendant” service.
   b. Restart the “Microsoft Exchange File Distribution” service.
3. Update the new OAB and set it as default.
   a. Right click the newly created OAB and click “Update” to update it manually. Wait 15-30 minutes for the OAB generation to finish.
   b. Right click the new OAB and click “set as default”. Click “Yes” to confirm it.
4. Associate the new OAB with all the users’ mailbox databases.
   a. Expand “Server Configuration” -> “Mailbox”. Right click “mailbox database” and select “Properties”.
   b. Click the “Client Settings” tab; under the “Offline Address Book” option, click the “Browse” button to choose the newly created OAB. This associates the new OAB with the mailbox store. Click “OK”. As shown below.
   c. Let the problematic users click the “Send/Receive” button in their Outlook client to download the OAB, and check whether the problem is resolved.
Monday, November 02, 2015
Install HPSUM on an rpm base distro
mount /dev/cdrom /mnt
cp -r /mnt/compaq/psp/linux /tmp/
cd /tmp/linux
./hpsum
- Check for the prerequisites: usually you need expect, kernel-headers, rpm-build, gcc, libnl, redhat-rpm-config, openipmi and net-snmp, either from the Red Hat installation DVD (rpm -Uvh package), or you can use "yum install package" if you have yum repositories configured.
- You need to manually install the hp-snmp-agents package from the HP DVD; it is not installed by hpsum (I presume it's a glitch). hp-snmp-agents needs hp-health (you find them both in the /tmp/linux directory that you just copied from the DVD).
- Re-run ./hpsum until you have no conflicts/unresolved dependencies!
- After installation and reboot run /sbin/hpsnmpconfig - you have to provide only the readonly (public) and the read/write (private) community for snmp.
- If everything seems OK, edit /opt/hp/hp-snmp-agents/cma.conf, line 22 (trapemail): at the end of the line replace root with your email address - REMEMBER: you need a functional sendmail in order to be able to send emails!
HP Important Note:
The server needs to have 'sudo' installed in order to start or stop the snmp daemon and to send test traps. 'sudo' grants controlled root access to groups or users. If installed after hp-snmp-agents please run a '/sbin/hpsnmpconfig'. In case of VMware ESX 3.x series, please run '/etc/init.d/hpasm reconfigure' after installation of hpasm. These buttons will NOT work if 'sudo' is configured to only run when the user is logged into a 'real' tty. To be able to perform the operations of start, stop, restart of the snmpd daemon, the user must comment out the line 'Defaults requiretty' in the /etc/sudoers file. See man sudoers for details about the 'requiretty' flag. If present, this flag will need to be removed from the '/etc/sudoers' configuration file. The 'send trap' button also requires a tool snmptrap to be present on the system. This tool is often bundled with the snmp stack (Suse) or in a package called 'net-snmp-util' (Red Hat).
Tuesday, October 20, 2015
Thursday, October 01, 2015
Authenticate Linux users to a Windows 2012 R2 domain controller
As root type:
rpm -Uvh samba-winbind samba-winbind-clients pam_krb5 krb5-libs
Then:
authconfig --enablekrb5 --krb5kdc=2k12srv.domain.local --krb5adminserver=2k12srv.domain.local --krb5realm=DOMAIN.LOCAL --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=DOMAIN.LOCAL --smbservers=2k12srv.domain.local --smbworkgroup=DOMAIN --winbindtemplatehomedir=/home/%U --winbindtemplateshell=/bin/bash --enablemkhomedir --enablewinbindusedefaultdomain --update && net ads join -U administrator -D DOMAIN
vi smb.conf
[global]
workgroup = DOMAIN
password server = 2k12srv.domain.local
realm = DOMAIN.LOCAL
security = ads
idmap config * : range = 16777216-33554431
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = true
Restart and enable winbind:
chkconfig winbind on
service winbind restart
-----------------------------------------------------------------------------------------------------------------------------
The old way, for a 2008 Server was:
rpm -Uvh samba-winbind-clients samba-winbind samba-client
service winbind start
chkconfig winbind on
authconfig --enablewinbind --enablewinbindauth --enablelocauthorize --enablemkhomedir --updateall
vi smb.conf:
# Any modification may be deleted or altered by authconfig in future
workgroup = DOMAIN
password server = 2008dc 2008R2dc
realm = DOMAIN.LOCAL
security = ads
idmap config * : range = 16777216-33554431
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = true
#--authconfig--end-line--
vi /etc/openldap/ldap.conf:
TLS_CACERTDIR /etc/openldap/cacerts
SASL_NOCANON on
cp shared_DOMAIN_cert.cer /etc/openldap/cacerts/
cacertdir_rehash /etc/openldap/cacerts/
net join -w DOMAIN -S 2008dc.domain.tld -U Administrator
systemctl restart winbind.service
In order to allow certain AD Groups to login:
vi /etc/login.group.allowed
A_CERTAIN_AD_GROUP
vi /etc/pam.d/sshd
auth required pam_listfile.so item=group sense=allow onerr=fail file=/etc/login.group.allowed
vi /etc/pam.d/login
auth required pam_listfile.so item=group sense=allow onerr=fail file=/etc/login.group.allowed
cd /home
mkdir DOMAIN
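A check for the pam_listfile restriction above, as an added example that is not part of the original post: it confirms the rule is active, fails closed (onerr=fail), is not preceded by an auth sufficient/include line that can end the stack first, and that the allow file exists and is not group- or world-writable. The function names and the constructed sample files are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example: audit a PAM service file for the pam_listfile group allow list.
# Usage: audit_pam_listfile PAM_FILE ALLOW_FILE   (returns 0 when nothing is found)

findings=0
report() { echo "FINDING: $*"; findings=$((findings + 1)); }

audit_pam_listfile() {
    pam_file=$1
    allow_file=$2
    findings=0

    [ -r "$pam_file" ] || { report "$pam_file is missing or unreadable"; return 1; }

    # First active "auth ... pam_listfile.so" rule that points at ALLOW_FILE.
    rule_line=$(awk -v f="file=$allow_file" '
        /^[ \t]*#/ { next }
        $1 == "auth" && $3 ~ /pam_listfile\.so$/ {
            for (i = 4; i <= NF; i++) if ($i == f) { print NR; exit }
        }' "$pam_file")

    if [ -z "$rule_line" ]; then
        report "no active auth pam_listfile.so rule with file=$allow_file in $pam_file"
    else
        rule=" $(sed -n "${rule_line}p" "$pam_file" | tr -s '[:space:]' ' ') "
        ctl=$(sed -n "${rule_line}p" "$pam_file" | awk '{ print $2 }')
        case "$ctl" in
            required|requisite) ;;
            *) report "line $rule_line: control flag '$ctl' does not make the check mandatory" ;;
        esac
        # onerr=fail keeps the check closed when the list cannot be read.
        for opt in item=group sense=allow onerr=fail; do
            case "$rule" in
                *" $opt "*) ;;
                *) report "line $rule_line: option $opt is not set" ;;
            esac
        done
        # Heuristic: an earlier sufficient module (or an included stack that
        # contains one) can finish authentication before the allow list runs.
        early=$(awk -v stop="$rule_line" '
            NR >= stop { exit }
            /^[ \t]*#/ { next }
            $1 == "auth" && ($2 == "sufficient" || $2 == "include") { print NR }
        ' "$pam_file" | tr '\n' ' ')
        [ -z "$early" ] || report "auth sufficient/include on line(s) $early precedes the allow list"
    fi

    if [ ! -s "$allow_file" ]; then
        report "$allow_file is missing or empty: with sense=allow onerr=fail nobody can log in"
    elif [ -n "$(find "$allow_file" \( -perm -020 -o -perm -002 \))" ]; then
        report "$allow_file is group- or world-writable"
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample files so the block runs stand-alone.
pam_audit_demo() {
    d=$(mktemp -d) || return 1
    printf 'A_CERTAIN_AD_GROUP\n' > "$d/login.group.allowed"
    chmod 644 "$d/login.group.allowed"
    printf '%s\n' 'auth include password-auth' \
        "auth required pam_listfile.so item=group sense=allow onerr=succeed file=$d/login.group.allowed" \
        > "$d/sshd"
    audit_pam_listfile "$d/sshd" "$d/login.group.allowed"
    rc=$?
    rm -rf "$d"
    echo "exit status: $rc"
}
pam_audit_demo
```

On a real host, call it as audit_pam_listfile /etc/pam.d/sshd /etc/login.group.allowed and again for /etc/pam.d/login.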
Wednesday, September 02, 2015
Map remote printer
Map a local printer into a TS session when "bring local printers to TS" fails miserably, and start the App only after the printer is available:
@echo off
setlocal enableextensions enabledelayedexpansion
set result=0
set printer=oj100
Title Adding Printer. Be patient...
echo Adding printer. Do not start App yet...
ping -n 2 1.1.1.1 >nul 2>nul
taskkill /fi "username eq %username%" /im app.exe 2>nul
%userprofile%\delprint.vbs
ping -n 2 1.1.1.1 >nul 2>nul
echo Please wait. Starting Installation...
echo ..
rem Store the client IP in a variable first: a goto inside a for (...) block ends the block and loses %%f
for /F "tokens=2 delims=/: " %%f in ('%userprofile%\gettscip.exe') do set tscip=%%f
echo Your IP is: !tscip!
rem Retry until the IPC$ connection to the client succeeds
:loop
net use \\!tscip!\ipc$ /d /y >nul 2>nul
ping -n 1 1.1.1.1 >nul 2>nul
net use \\!tscip!\ipc$ && set result=1
echo Result: !result!
if not !result! equ 1 goto :loop
echo Add printer. This is going to take up to 5 minutes, be patient...
rundll32 printui.dll,PrintUIEntry /in /n "\\!tscip!\!printer!" /u /q /Gw
echo Setting default printer...
echo.
rundll32 printui.dll,PrintUIEntry /y /n "\\!tscip!\!printer!" /q
echo.
echo Starting App...
ping -n 3 1.1.1.1 >nul 2>nul
taskkill /fi "username eq %username%" /im app.exe >nul 2>nul
endlocal
C:\Users\Public\Desktop\App.lnk
Monday, August 03, 2015
DNS Adblock on router
In case you have, like me, a secondary DNS on your DD-WRT router, you need a DNS adblock on it too. By modifying the excellent tutorial from http://www.howtogeek.com/51477/how-to-remove-advertisements-with-pixelserv-on-dd-wrt/ I came to this script:
#!/bin/sh
########Functions setup#########################
logger_ads()
{
    logger -s -p local0.notice -t ad_blocker "$1"
}
softlink_func()
{
    ln -s /tmp/$1 /jffs/dns/$2
    if [ "`echo $?`" -eq 0 ] ; then
        logger_ads "Created $3 softlink to RAM on JFFS"
    else
        logger_ads "The attempt to create $3 softlink to RAM on JFFS *FAILED*"
        logger_ads "it is obvious something IS *terribly wrong*. Will now exit... bye (ads will not be blocked)"
        exit 1
    fi
}
note_no_space()
{
    logger_ads "I assure you this only takes $1 blocks, but I guess your too close to the edge for JFFSs comfort"
    logger_ads "deleting the half witted file, as to not confuse the DNS service and free up the JFFS space for other uses."
}
##################################################
nvram set aviad_changed_nvram=0
logger_ads "########### Ads blocker script starting ###########"
if [[ -z "$1" ]]; then
    logger_ads "Sleeping for 30 secs to give time for router boot"
    sleep 30
else
    logger_ads "override switch given"
    [[ $1 = "-h" || $1 = "/?" ]] && echo "use -m to override the 30 seconds delay and -f to force a list refresh" && exit 0
    [ $1 = "-f" ] && rm /jffs/dns/dnsmasq.adblock.conf && rm /jffs/dns/dlhosts
fi
while ! ping www.google.com -c 1 > /dev/null ; do
    logger_ads "waiting for the internet connection to come up"
    sleep 5
done
logger_ads "Adding a refresh cycle by puting the script in cron if it isnt there yet"
if [[ -z "`cat /tmp/crontab | grep "/jffs/dns/disable_adds.sh"`" ]] ; then
    echo '0 0 * * * root /jffs/dns/disable_adds.sh -m' > /tmp/crontab
    stopservice cron && logger_ads "stopped the cron service"
    startservice cron && logger_ads "started the cron service"
else
    logger_ads "The script is already in cron"
fi
logger_ads "New IP and ports setup. Reserve the IP .100 for pixelserv"
pixel="`ifconfig br0 | grep inet | awk '{ print $2 }' | awk -F ":" '{ print $2 }' | cut -d . -f 1,2,3`.100"
mgmtip="`ifconfig br0 | grep inet | awk '{ print $2 }' | awk -F ":" '{ print $2 }'`"
# In my case, on IP .100 I have an apache serving null.html as error page. Comment next 3 paragraphs, as I don't need pixelserv
#logger_ads "Move http interface to $mgmtip:88"
#if [[ -z "`ps | grep -v grep | grep "httpd -p 88"`" && `nvram get http_lanport` -ne 88 ]] ; then
#    logger_ads "it seems that the http is not setup yet on port :88"
#    stopservice httpd
#    nvram set http_lanport=88
#    nvram set aviad_changed_nvram=1
#    startservice httpd
#else
#    logger_ads "The http is already setup on $mgmtip:88"
#fi
#logger_ads "Redirect setup IP/Port from $mgmtip:80 to $mgmtip:88"
#[[ -z "`iptables -L -n -t nat | grep $mgmtip | grep 80`" ]] && logger_ads "did NOT find an active redirect rule with the iptable command, injecting it now." && /usr/sbin/iptables -t nat -I PREROUTING 1 -d $mgmtip -p tcp --dport 80 -j DNAT --to $mgmtip:88
#nvram get rc_firewall > /tmp/fw.tmp
#if [[ -z "`cat /tmp/fw.tmp | grep "/usr/sbin/iptables -t nat -I PREROUTING 1 -d $mgmtip -p tcp --dport 80 -j DNAT --to $mgmtip:88"`" ]] ; then
#    echo "/usr/sbin/iptables -t nat -I PREROUTING 1 -d $mgmtip -p tcp --dport 80 -j DNAT --to $mgmtip:88" >> /tmp/fw.tmp
#    nvram set rc_firewall="`cat /tmp/fw.tmp`"
#    logger_ads "DONE appending forwarding to FW script"
#    nvram set aviad_changed_nvram=1
#else
#    logger_ads "The redirection $mgmtip:80 -> $mgmtip:88 in FW script is already in place"
#fi
#rm /tmp/fw.tmp
#logger_ads "Starting or ReSpawning pixelsrv on $pixel IP :80"
#/sbin/ifconfig br0:1 $pixel netmask "`ifconfig br0 | grep inet | awk '{ print $4 }' | awk -F ":" '{ print $2 }'`" broadcast "`ifconfig br0 | grep inet | awk '{ print $3 }' | awk -F ":" '{print $2 }'`" up
#if [[ -n "`ps | grep -v grep | grep /jffs/dns/pixelserv`" ]]; then
#    logger_ads "the pixelserv is already up"
#else
#    logger_ads "it seems that the pixelserv isnt up. starting it now"
#    /jffs/dns/pixelserv $pixel -p 80
#fi
logger_ads "Get the online dns blocking lists"
[ ! -e /jffs/dns/whitelist ] && echo google-analytics > /jffs/dns/whitelist && echo toma.guru >> /jffs/dns/whitelist
if [[ -n "$(find /jffs/dns/dlhosts -mtime +7)" || -n "$(find /jffs/dns/dnsmasq.adblock.conf -mtime +7)" || ! -e /jffs/dns/dlhosts || ! -e /jffs/dns/dnsmasq.adblock.conf ]]; then
    logger_ads "The lists are NOT setup at all yet, or more then 7 days old, will now retrieve them from the web"
    logger_ads "Retrieving the MVPS hosts list..."
    wget -q -O - http://www.mvps.org/winhelp2002/hosts.txt | grep "^127.0.0.1" | grep -v localhost | tr -d '\015' >/tmp/dlhosts.tmp
    logger_ads "adjusting the MVPS hosts list for our use"
    cat /jffs/dns/whitelist | while read line; do sed -i /${line}/d /tmp/dlhosts.tmp ; done
    sed -i s/127.0.0.1/$pixel/g /tmp/dlhosts.tmp
    logger_ads "done adjusting the MVPS hosts list."
    logger_ads "Retrieving the Yoyo domain list..."
    wget -q "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext" -O /tmp/adblock.tmp
    logger_ads "adjusting the Yoyo domain list for our use"
    cat /jffs/dns/whitelist | while read line; do sed -i /${line}/d /tmp/adblock.tmp ; done
    sed -i s/127.0.0.1/$pixel/g /tmp/adblock.tmp
    if [ "`df| grep /jffs | awk '{ print $4 }'`" -ge 65 ] ; then
        logger_ads "Moving the Yoyo list to JFFS (as it looks that there is enough space for it)"
        mv /tmp/adblock.tmp /jffs/dns/dnsmasq.adblock.conf
        if [ "`echo $?`" -eq 0 ] ; then
            logger_ads "Moving the YoYo domain list to JFFS operation was successful"
        else
            note_no_space 20
            rm /jffs/dns/dnsmasq.adblock.conf
            softlink_func adblock.tmp dnsmasq.adblock.conf YoYo
        fi
    else
        logger_ads "*NOT* Moving the Yoyo list to JFFS (as it looks that there is *NOT* enough space for it)"
        softlink_func adblock.tmp dnsmasq.adblock.conf YoYo
    fi
    if [ "`df| grep /jffs | awk '{ print $4 }'`" -ge 100 ] ; then
        logger_ads "Moving the MVPS hosts list to JFFS (as it looks like there is enough space for it)"
        mv /tmp/dlhosts.tmp /jffs/dns/dlhosts
        if [ "`echo $?`" -eq 0 ] ; then
            logger_ads "Moving the MVPS hosts list to JFFS operation was successful"
        else
            note_no_space 72
            rm /jffs/dns/dlhosts
            softlink_func dlhosts.tmp dlhosts MVPS
        fi
    else
        logger_ads "*NOT* Moving the MVPS list to JFFS (as it looks that there is *NOT* enough space for it)"
        softlink_func dlhosts.tmp dlhosts MVPS
    fi
else
    logger_ads "The lists are less then 7 days old, saving on flash erosion and NOT refreshing them."
fi
logger_ads "Injecting the DNSMasq nvram options with the dynamic block lists"
nvram get dnsmasq_options > /tmp/dns-options.tmp
if [[ -z "`cat /tmp/dns-options.tmp | grep "/jffs/dns/dnsmasq.adblock.conf"`" || -z "`cat /tmp/dns-options.tmp | grep "/jffs/dns/dlhosts"`" && -e /jffs/dns/dnsmasq.adblock.conf ]] ; then
    logger_ads "Did not find DNSMasq options in nvram, adding them now"
    echo "conf-file=/jffs/dns/dnsmasq.adblock.conf" >> /tmp/dns-options.tmp
    echo "addn-hosts=/jffs/dns/dlhosts" >> /tmp/dns-options.tmp
    nvram set aviad_changed_nvram=1
    logger_ads "Added options to nvram DNSMasq options"
else
    logger_ads "The DNSMasq options are already in place"
fi
logger_ads "Checking if the personal list is a file"
if [[ -z "`cat /tmp/dnsmasq.conf | grep conf-file=/jffs/dns/personal-ads-list.conf`" && -z "`nvram get dnsmasq_options | grep "/jffs/dns/personal-ads-list.conf"`" && -e /jffs/dns/personal-ads-list.conf ]] ; then
    logger_ads "Yes the personal list is in the form of a file"
    logger_ads "Removing whitelist from the personal file"
    cat /jffs/dns/whitelist | while read line; do sed -i /${line}/d /jffs/dns/personal-ads-list.conf ; done
    echo "conf-file=/jffs/dns/personal-ads-list.conf" >> /tmp/dns-options.tmp
    nvram set aviad_changed_nvram=1
else
    [ ! -e /jffs/dns/personal-ads-list.conf ] && logger_ads "The personal list (assuming there is one) is not in a file"
    [ -n "`nvram get dnsmasq_options | grep "/jffs/dns/personal-ads-list.conf"`" ] && logger_ads "The personal list is a file, and... it is already in place according to the NVRAM options readout"
    [ "$1" = "-f" ] && cat /jffs/dns/whitelist | while read line; do sed -i /${line}/d /jffs/dns/personal-ads-list.conf ; done && logger_ads "overide switch given so removed whitelist from personal file"
fi
logger_ads "Final settings implementer"
if [ "`nvram get aviad_changed_nvram`" -eq 1 ] ; then
    nvram set dnsmasq_options="`cat /tmp/dns-options.tmp`"
    logger_ads "Found that NVRAM was changed and committing changes now"
    nvram commit
    nvram set aviad_changed_nvram=0
    logger_ads "Refreshing DNS settings"
    stopservice dnsmasq && logger_ads "stopped the dnsmasq service"
    startservice dnsmasq && logger_ads "started the dnsmasq service"
else
    logger_ads "Nothing to commit"
fi
rm /tmp/dns-options.tmp
logger_ads "######### Ads blocker script has finished and you should be up and running ##########"
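The script above downloads both lists over plain HTTP and hands them to dnsmasq through conf-file= and addn-hosts=, so every line that arrives is read as a dnsmasq directive or hosts entry. The following added example (not part of the original script) lets through only well-formed block entries, rewrites them to the sink IP, and applies the whitelist as fixed strings rather than as sed regular expressions; the function name, its arguments and the sample lines are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example: vet a downloaded block list before dnsmasq reads it.
# sanitize_blocklist FORMAT SINK_IP [WHITELIST_FILE]
#   FORMAT "dnsmasq" expects  address=/host/127.0.0.1  lines (Yoyo list)
#   FORMAT "hosts"   expects  127.0.0.1 host           lines (MVPS list)
# Reads the list on stdin, writes vetted lines on stdout, counters on stderr.
sanitize_blocklist() {
    fmt=$1; sink=$2; wl=${3:-/dev/null}
    case "$fmt" in
        dnsmasq|hosts) ;;
        *) echo "unknown format: $fmt" >&2; return 2 ;;
    esac
    tr -d '\r' | awk -v fmt="$fmt" -v sink="$sink" -v wl="$wl" '
    function valid_host(h,    n, i, lab) {
        if (length(h) > 253) return 0
        n = split(h, lab, ".")
        if (n < 2) return 0                      # also drops "localhost"
        for (i = 1; i <= n; i++) {
            if (length(lab[i]) > 63) return 0
            if (lab[i] !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?$/) return 0
        }
        return 1
    }
    function whitelisted(h,    i) {
        # Fixed-string match: "." in a whitelist entry means a literal dot.
        for (i = 1; i <= nwl; i++) if (index(h, white[i]) > 0) return 1
        return 0
    }
    BEGIN {
        if (sink !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { bad_sink = 1; exit 2 }
        while ((getline line < wl) > 0) if (line != "") white[++nwl] = tolower(line)
    }
    {
        sub(/[ \t]*#.*$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
        if ($0 == "") next
        host = ""
        if (fmt == "dnsmasq") {
            # Exactly address=/<one host>/<loopback>; server=, conf-file= etc. fail here.
            n = split($0, part, "/")
            if (n == 3 && part[1] == "address=" && part[3] ~ /^(127\.0\.0\.1|0\.0\.0\.0)$/)
                host = part[2]
        } else if (NF == 2 && ($1 == "127.0.0.1" || $1 == "0.0.0.0")) {
            host = $2
        }
        host = tolower(host)
        if (host == "" || !valid_host(host)) { rejected++; next }
        if (whitelisted(host)) { skipped++; next }
        if (fmt == "dnsmasq") print "address=/" host "/" sink
        else print sink " " host
    }
    END {
        if (bad_sink) exit 2
        printf "rejected=%d whitelisted=%d\n", rejected, skipped > "/dev/stderr"
    }'
}

# Constructed sample input so the block runs stand-alone.
sanitize_demo() {
    w=$(mktemp) || return 1
    printf 'google-analytics\ntoma.guru\n' > "$w"
    printf '%s\n' \
        'address=/ads.example.com/127.0.0.1' \
        'server=/bank.example/203.0.113.5' \
        'address=/login.example/198.51.100.7' \
        'address=/www.google-analytics.com/127.0.0.1' |
        sanitize_blocklist dnsmasq 192.168.1.100 "$w"
    rm -f "$w"
}
sanitize_demo
```

In the script it would sit between each wget and the mv to /jffs/dns, for example sanitize_blocklist dnsmasq "$pixel" /jffs/dns/whitelist < /tmp/adblock.tmp, replacing the sed whitelist and sed 127.0.0.1 steps.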
Monday, July 06, 2015
Using Intel AMT’s embedded VNC server
To activate it, press Ctrl-P at the BIOS - this brings you to the MEBx menu, set a password (minimum 8 characters, mixed case, numbers and special characters are enforced - try to avoid #@$% - use star or exclamation), configure the network settings (DHCP, or static - it can even match the OS’s IP address!), enable Remote KVM and disable User Opt-In.
In order to set it up, download the Intel AMT SDK from http://software.intel.com/en-us/articles/download-the-latest-intel-amt-software-development-kit-sdk/, extract the ZIP and open ./Windows/Intel_AMT/Bin/KVM/KVMControlApplication.exe. (I had to install .net 2.0 in my wine in order to be able to run it.)
There, you can enable KVM by clicking "Edit Machine Settings" as seen in the following screenshot:
KVM Status can either be set to
-“redirection ports” (meaning it will only be accessible to clients that specifically support Intel AMT, such as RealVNC Viewer Plus or Intel’s KVM Console, the former of which costs $100, the latter constantly overlays a RealVNC logo on the screen), or to
-“default port” (meaning it will be accessible on TCP port 5900 with any VNC client), or to
-“all ports” (which is the combination of both).
If you enable VNC access, you will also need to set an RFB Password. Warning, the password gets truncated at 8 characters but at the same time has the security requirements identical to the general AMT password (Capital, small letter, number and special-character - WARNING: underscore is not special char, @$%&| are NOT allowed, choose star or exclamation to play safe).
If you disabled User Opt-In in the MEBx menu, you can disable it here as well.
Now you can use almost any VNC client you like (KRDC, Real, Ultra, and Tight VNC work fine, while TigerVNC seems to be unable to auth, and Apple Remote Desktop appears to cause the VNC server to freeze - it's Apple crap, what do you expect?).
Two things worth mentioning:
1: the initial BIOS splash screen is not visible during a KVM connection (not even on a directly-attached screen), so to get to the BIOS, you need to blindly hit F10.
2: it is not possible to enter the MEBx menu during a KVM connection (probably for security reasons), if you hit the corresponding CTRL+P key, it immediately exits and continues normal boot; if you establish a KVM connection while already in MEBx, you get disconnected immediately.
If you’re building a home server, you should definitely consider getting a system with Intel vPro/AMT 6.0 or later; you get ILO-like remote management capabilities for free.
Oh yeah, http://your_machine:16992 gives you access to logs, power control, network setup, users, exactly the same way ILO does!
And of course the OS has no idea something is running below it: there is no CPU load, and on the host netstat shows no other connections except my ssh:
tcp 0 0 192.168.aaa.xxx:22 192.168.aaa.yyy:49506 ESTABLISHED 2314/sshd
while from my workstation we can see a second connection to the VNC port 5900:
tcp 0 0 192.168.aaa.yyy:49506 192.168.aaa.xxx:22 ESTABLISHED 13362/ssh
tcp 0 0 192.168.aaa.yyy:43311 192.168.aaa.xxx:5900 ESTABLISHED 29457/krdc
Monday, June 01, 2015
Error 512 - rear chassis fan not detected on a Small Form Factor
As per the HP site:
"Although the HP Compaq 8200 Elite Small Form Factor PC has no rear chassis fan installed, this error message may arise when the front panel cable assembly was damaged after a system repair attempt.
In a HP Compaq 8200 Elite Small Form Factor PC, Pin10 on the front panel cable connector is used to tell the system BIOS, that the chassis is a Desktop model, not Microtower model. This is necessary because the system board is also used in HP Compaq 8200 Elite Microtower PC, which has a rear chassis fan installed. Pin10 is not connected there.
If the cable on Pin10 of the connector in a HP Compaq 8200 Elite Small Form Factor PC was damaged accidentally and therefore has no connection to the system board, the BIOS assumes that it is a Microtower model and therefore checks for a rear chassis fan."
There is a problem with the front panel connector:
Let's remove it and look: pin 10 is not connected, while pin 5 (usually unused) is:
We just need to remove the plug from pin 5 and move it to pin 10:
Finally the ground is moved from pin 5 to pin 10:
Monday, May 04, 2015
dns_adblock
#!/bin/bash
#dns_adblock.sh - poor man's adblock
# (c)2015 sorin@toXX.guru
#replace ad servers with a local blank page
#this script works faster/better/cleaner if you have apache httpd configured to serve a null page in case of page not found
#just create an empty file 'touch /var/www/html/null.html', then in /etc/httpd/httpd.conf add/modify the line 'ErrorDocument 404 /null.html'
#define local variables
target=/var/named/data/blacklist
nullzone=/var/named/null.zone.file
namedconf=/etc/named.conf
whitelisted=/var/named/data/whitelisted.personal
blacklisted=/var/named/data/blacklisted.personal
namesrv=192.168.18.100
# if it's the first time we run this, add the right info into bind's configuration
if [ ! -f $nullzone ]; then
echo "\$TTL 86400 ; one day
@ IN SOA ads.nodomain. root. (
2015021505 ; serial
28800 ; refresh
7200 ; retry
864000 ; expiry
86400 ) ; minimum
NS nameserver
A $namesrv
@ IN A $namesrv
* IN A $namesrv" > $nullzone
fi
if ! grep -q $target $namedconf ; then
echo "conf not found"
echo " include \"$target\";" >> $namedconf
fi
# get the list of known adservers from yoyo.org, sanitize it and make it compatible with bind9
wget -q -O - 'http://pgl.yoyo.org/as/serverlist.php?hostformat=bindconfig&showintro=0' | tail -n+29 | head -n -6 | sed -e 's/{/IN {/g' -e '/_/d' > $target-new
# get a second list from mvps.org, sanitize it and add only the hostnames that were not given by yoyo.org
while read adhost; do
if ! grep -q $adhost $target-new ; then
echo "zone \"$adhost\" IN { type master; notify no; file \"null.zone.file\"; };" >> $target-new
fi
done < <(wget -q -O - http://www.mvps.org/winhelp2002/hosts.txt | sed -e '/^ *#/d;s/#.*//' -e '/^[[:space:]]*$/d' -e '/localhost/d' -e '/_/d' -e '/[\r\n]/d' | cut -d" " -f2 )
# add personal blacklist
blhost="nothing"
sed '/^ *#/d;s/#.*//' $blacklisted | while read blhost; do
if ! grep -q $blhost $target-new ; then
echo "zone \"$blhost\" IN { type master; notify no; file \"null.zone.file\"; };" >> $target-new
fi
done
# remove whitelisted domains. ($wlisted variable has to be defined, otherwise sed might remove everything)
wlisted="nothingatall"
sed '/^ *#/d;s/#.*//' $whitelisted | while read wlisted; do
# skip empty lines, an empty pattern would make sed fail
[ -n "$wlisted" ] || continue
sed -i /"$wlisted"'/d' $target-new
done
#remove duplicates, named is intolerant to multiple definitions for the same host
cat $target-new | sort -u > $target
#cleanup line containing "empty" domain
sed -i '/\"\"/d' $target
# cleanup the last remnants of bad lines reported by named-checkconf
if [ ! $(/usr/sbin/named-checkconf -t /var/lib/named -z /etc/named.conf >/dev/null 2>&1; echo $?) = 0 ]; then
badlines=$(/usr/sbin/named-checkconf -t /var/lib/named -z /etc/named.conf | cut -d: -f2 | sed -e 's/$/d;/' | tr -d '\n')
sed -i "$badlines" $target
fi
rm -f $target-new
# reload bind
/bin/systemctl reload named.service
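The script above fetches both lists over plain HTTP and writes every hostname into a quoted string in a file that named.conf includes, so one malformed entry is enough to break the configuration. As an added example (not part of the original script), a stricter filter that only lets syntactically valid hostnames through before the zone lines are written; the function names and the sample input are constructed for the illustration.

```bash
#!/bin/bash
# Added example: validate hostnames from a hosts-format list before they are
# turned into BIND zone statements. Names below are illustrative only.

# Byte-wise character classes, so A-Z / a-z mean exactly ASCII letters
LC_ALL=C; export LC_ALL

# is_valid_hostname NAME -> exit status 0 if NAME is a plain DNS hostname
is_valid_hostname() {
    local name="$1"
    local label
    # overall length limit for a DNS name
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        # anything besides letters, digits, hyphen, dot; or empty labels
        *[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
        *.*) ;;                 # at least two labels
        *) return 1 ;;          # single-label names such as "localhost"
    esac
    # every label: at most 63 characters, no leading or trailing hyphen
    local IFS=.
    for label in $name; do
        [ "${#label}" -le 63 ] || return 1
        case $label in
            -*|*-) return 1 ;;
        esac
    done
    return 0
}

# hosts_to_zones: read "IP hostname [# comment]" lines on stdin and print one
# zone statement per unique valid hostname, in the format the script uses.
hosts_to_zones() {
    local ip host rest
    tr -d '\r' | sed -e 's/#.*//' |
    while read -r ip host rest; do
        [ -n "$host" ] || continue
        is_valid_hostname "$host" || continue
        # lower-case so differently cased duplicates collapse in sort -u
        host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
        printf 'zone "%s" IN { type master; notify no; file "null.zone.file"; };\n' "$host"
    done | sort -u
}

# Constructed sample input (not real list contents)
sample_hosts() {
    printf '%s\n' \
        '# comment line' \
        '127.0.0.1  localhost' \
        '0.0.0.0 ads.example.com  # tracker' \
        '0.0.0.0 ADS.example.com' \
        '0.0.0.0 bad_host.example.com' \
        '0.0.0.0 broken"quote.example.net' \
        '0.0.0.0 -lead.example.org' \
        '0.0.0.0 cdn.ads.example.org'
    printf '0.0.0.0 crlf.example.com\r\n'
}

# Demo: only three zone lines survive the filter
sample_hosts | hosts_to_zones
```

Because the output is already unique and limited to safe characters, it can replace the grep-before-append loops without a later named-checkconf cleanup pass for these entries.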
Wednesday, April 08, 2015
HP ILO Linux - reset password
(hpsum must be already installed)
Reset Administrator password to “newpass”:
vi reset-password.xml
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="Administrator" PASSWORD="something_without_importance">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="newpass"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
hponcfg -f reset-password.xml -l log.txt ; cat log.txt
Add user "admin" with password "nosecurity":
vi adduser.xml
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="Administrator" PASSWORD="blah_blah_it_doesnt_matter">
<USER_INFO MODE="write">
<ADD_USER
USER_NAME="admin"
USER_LOGIN="admin"
PASSWORD="nosecurity">
<RESET_SERVER_PRIV value = "Y" />
<ADMIN_PRIV value = "Y" />
</ADD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>
hponcfg -f adduser.xml -l log.txt ; cat log.txt
Tuesday, March 03, 2015
Recursive owner and rights changing on subfolders
We assume the username==folder_name
the specific version for vista+ profiles:
@echo off
Echo (c) 2012 s@toma.gXXX
Set rprofiles=D:\path\to\profiles
For /f "delims=.V2" %%* in ('dir %rprofiles% /B') Do (
echo target is %rprofiles%\%%*.V2 User is %USERDOMAIN%\%%*
takeown /f "%rprofiles%\%%*.V2" /r
icacls "%rprofiles%\%%*.V2" /setowner %USERDOMAIN%\%%* /T /C
icacls "%rprofiles%\%%*.V2" /grant:r %USERDOMAIN%\%%*:F Administrateurs:F System:F /T
rem dir /B /W "%rprofiles%\%%*.V2"
rem ping -n 1 -w 1000 1.1.1.1 >nul
)
or the simple version:
cd d:\path\to\folders\
For /f "Tokens=*" %* in ('dir /B') Do @cacls %* /E /C /T /G "%*":F
Thursday, February 05, 2015
RD Shadow in 2012 R2
PS:>
the SessionId and UnifiedSessionId might have to be used, depending on how the wind blows and at what angle the Sun is on the sky :)
Import-Module RemoteDesktopServices
Get-RDUserSession | select UserName,SessionId,UnifiedSessionId
mstsc /shadow:%UnifiedSessionId% /control /noConsentPrompt
Friday, January 02, 2015
Resize an LVM partition on a HP Proliant server
1. Install HP Proliant support pack
2. If you've installed the PSP before and it is already running on your server, you can skip this step; otherwise start the HP Array Configuration Utility Online for Linux.
cd /opt/compaq/cpqacuxe/bld
./cpqacuxe -R
note: after finishing with the online configuration utility, you might want to stop it by running ./cpqacuxe -stop
3. Expand array and logical drive
Go to https://localhost:2381 and click on the array configuration utility link. Click on expand array - it will take some time to finish (like 8hrs). After the expansion is finished, a new button called 'expand logical drive' will appear; clicking on it will finish expanding the array.
4. Make Linux kernel recognize the new size of your hardware raid5
Reboot the Linux server, run 'partprobe' or 'sfdisk -R /dev/cciss/c0d0' followed by 'fdisk -l /dev/cciss/c0d0' multiple times, 'till it shows the new size. You might have to reboot multiple times if the new size does not appear at fdisk -l.
5. Enlarge partition with fdisk - DANGEROUS, please have a full backup first!
fdisk /dev/cciss/c0d0
(you might consider using fdisk -u /dev/cciss/c0d0 - it will display the size in sectors instead of cylinders)
"p" - take note where the /dev/cciss/c0d0p2 (your extended partition) starts!
press "d" then "2" to remove the c0d0p2 partition - yes you will DELETE the partition, don't reboot, don't move, don't even breathe on top of that server!!!
press "n" for new, then "p" primary partition to use the full space
Make sure the old and new partition starts at the same cylinder or sector position, otherwise, all your data will be destroyed!!!
press "t" to change partition type to LVM
"w" to write
"q" to quit
now you will need to reboot again!
6. Resize physical volume size, logical volume size and perform file system online increase:
After reboot, check again the new size:
[root@log ~]# fdisk -l /dev/cciss/c0d0
Disk /dev/cciss/c0d0: 1799.7 GB, 1799797127168 bytes
255 heads, 63 sectors/track, 218812 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/cciss/c0d0p1 * 1 13 104391 83 Linux
/dev/cciss/c0d0p2 14 218813 1757509959+ 8e Linux LVM
Let's see how many free physical blocks we have:
[root@log ~]#vgdisplay -v | grep "Free PE"
Finding all volume groups
Finding volume group "VolGroup00"
Total PE / Free PE 54337 / 17879
Now let's resize the physical volume:
[root@log ~]# pvresize /dev/cciss/c0d0p2
Physical volume "/dev/cciss/c0d0p2" changed
1 physical volume(s) resized / 0 physical volume(s) not resized
note: we used vgdisplay -v to check the number of free PE, let's say it's 17879.
Now let's extend the lvm:
[root@log ~]# lvextend -l +17879 /dev/VolGroup00/LogVol02
Extending logical volume LogVol02 to 1.60 TB
Logical volume LogVol02 successfully resized
And finally we will resize the filesystem:
[root@log ~]# resize2fs /dev/VolGroup00/LogVol02
resize2fs 1.39 (29-May-2006)
Filesystem at /dev/VolGroup00/LogVol02 is mounted on /data; on-line resizing required
Performing an on-line resize of /dev/VolGroup00/LogVol02 to 430276608 (4k) blocks.
The filesystem on /dev/VolGroup00/LogVol02 is now 430276608 blocks long.
Ofc, steps 4 to 6 can be replaced with running offline gparted from a CD...
Monday, December 01, 2014
Stream webcam with sound
cvlc v4l2:///dev/video1 :v4l2-standard= :input-slave=alsa://hw:0,0 :live-caching=300 :sout=#"transcode{vcodec=mp4v,vb=256,scale=Auto,acodec=mp4a,ab=48,channels=1,samplerate=8000}:http{mux=asf,dst=:8080/}" :sout-keep
Tuesday, November 04, 2014
Windows Shell for TS - without Domain Controller
In the RD Session Host Configuration, the following script (compiled as c:\windows\tssession.exe) is executed as the initial shell:
;(c)2014 sorinakis@g**il.com
;msgbox, Username: %A_UserName%
AuthUsers = Administrator|administrator
Loop Parse, AuthUsers, |
{
ifEqual, A_LoopField, %A_Username%
{
Sleep, 500
Run, explorer.exe
;MsgBox EXPLORER Executed.
GoTo, End
}
else
{
;MsgBox In the ELSE branch.
Sleep, 500
Run, D:\Partages\apps\LCM\Bin\wrun32.exe -ws -c D:\Partages\apps\LCM\etc\CBLCONFI-RZ_APP.ini utmenu
Sleep 500
WinMaximize, ahk_class AcucobolWClass
IfWinExist, Cie(01)
{
WinMaximize, Cie(01)
Sleep, 500
WinWaitClose, Cie(01)
Sleep, 500
Run, shutdown /l
}
Return
}
}
End:
Sleep, 100
;MsgBox At the END.
Thursday, October 16, 2014
Friday, October 03, 2014
SSH BruteForce Attacks are back
I've put back the little iptables rule:
-N SSHBRUTE
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j SSHBRUTE
-A SSHBRUTE -m recent --set --name BRUTESSH --rsource
-A SSHBRUTE -p tcp -m recent --rcheck --seconds 60 --hitcount 5 --rttl --name BRUTESSH --rsource -j REJECT --reject-with tcp-reset
-A SSHBRUTE -m recent --rcheck --seconds 60 --hitcount 4 --rttl --name BRUTESSH --rsource -j LOG --log-prefix "Brute Force SSH Drop"
-A SSHBRUTE -p tcp -m recent --update --seconds 60 --hitcount 4 --rttl --name BRUTESSH --rsource -j REJECT --reject-with tcp-reset
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
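How the SSHBRUTE chain treats a burst of connections, as an added example that is not part of the original post: a small awk model of the `recent` list run over constructed connection records. It assumes one record per NEW connection to port 22 in the form `epoch-seconds source-ip`, ignores the `--rttl` TTL comparison and the kernel's cap on stored timestamps, and the function names are made up for the illustration.

```bash
#!/bin/bash
# Added example: model of the bookkeeping done by the SSHBRUTE chain.
# PASS means the packet leaves the chain and continues through INPUT.

# simulate_sshbrute: stdin "epoch src" per NEW tcp/22 connection, time-ordered
# stdout "epoch src VERDICT", VERDICT being PASS, LOG+REJECT or REJECT
simulate_sshbrute() {
    awk -v window=60 '
    # number of stored timestamps for src that are still inside the window
    function hits(src, now,    i, n) {
        n = 0
        for (i = 1; i <= cnt[src]; i++)
            if (stamp[src, i] >= now - window) n++
        return n
    }
    function add_stamp(src, now) { stamp[src, ++cnt[src]] = now }
    NF >= 2 {
        t = $1 + 0; src = $2
        add_stamp(src, t)            # --set: every attempt is recorded first
        h = hits(src, t)
        if (h >= 5) {                # --rcheck --hitcount 5: silent reject
            verdict = "REJECT"
        } else if (h >= 4) {         # --rcheck 4 logs, --update 4 rejects
            add_stamp(src, t)        # a matching --update stores one more stamp
            verdict = "LOG+REJECT"
        } else {
            verdict = "PASS"
        }
        print t, src, verdict
    }'
}

# Constructed sample: one noisy source and one ordinary client
# (addresses are from the documentation ranges)
sample_connections() {
    printf '%s\n' \
        '0 203.0.113.7' \
        '5 198.51.100.20' \
        '10 203.0.113.7' \
        '20 203.0.113.7' \
        '30 203.0.113.7' \
        '40 203.0.113.7' \
        '95 203.0.113.7' \
        '200 203.0.113.7'
}

# Demo: the 4th attempt inside 60 s is logged and reset, the 5th is reset
# without a log line, and attempts pass again once old stamps age out.
sample_connections | simulate_sshbrute
```

In this model the LOG rule fires once per burst, on the fourth attempt, so the count of "Brute Force SSH Drop" lines in the kernel log tracks bursts rather than individual rejected connections.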
Tuesday, September 02, 2014
A simple script to import .pst in thunderbird
#!/bin/bash
#
#(c)2014 sorinakis@g*il.com
if [ "$(whereis readpst | cut -d: -f2)" = "" ]; then
echo "Sending you to download readpst"
kdialog --warningcontinuecancel "Go to http://www.five-ten-sg.com/libpst/ to download, then compile and install libpst
Once libpst is installed please re-execute this script.
If readpst is installed, but not in path, you have to comment the first section of $0" --continue-label "Go to site"
if [ ! $? = 0 ]; then
echo "Cancel Pressed. Exit"
exit 2
fi
xdg-open http://www.five-ten-sg.com/libpst/
exit 0
fi
# Prepare location
# fall back to /tmp when $TMP is not set
wrkfld=${TMP:-/tmp}/outlook$$
export $(dbus-launch)
mkdir $wrkfld
# Convert pst
readpst -o $wrkfld -r "`kdialog --getopenfilename ~ '*.pst' 2>/dev/null`"
# Rename folder so thunderbird understands
find $wrkfld -type d | tac | grep -v '^$wrkfld$' | xargs -d '\n' -I{} mv {} {}.sbd
find $wrkfld.sbd -name mbox -type f | xargs -d '\n' -I{} echo '"{}" "{}"' | sed -e 's/\.sbd\/mbox"$/"/' | xargs -L 1 mv
#Cleanup empty folders
find $wrkfld.sbd -empty -type d | xargs -d '\n' rmdir
kdialog --msgbox "Conversion Done! Please create a subfolder in your Thunderbird's Local Folders,
then manually move $wrkfld.sbd into ~/.thunderbird/[profile]/Mail/Local Folders/[new folder]"
Sunday, August 10, 2014
Tune UP (in fact down) Windows 2008 R2
:: make the Workstation service depend on SMB1 only, then disable the SMB2 client driver
sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc config mrxsmb20 start= disabled
:: turn off receive-side scaling, TCP chimney offload and receive-window auto-tuning
netsh int tcp set global rss=disabled
netsh int tcp set global chimney=disabled
netsh int tcp set global autotuninglevel=disabled
netsh int ip set global taskoffload=disabled
netsh int tcp set global ecncapability=disabled
netsh int tcp set global timestamps=disabled
:: switch Windows Firewall off for all profiles
netsh advf set allp state off
:: reg add "HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /v DisableTaskOffload /t REG_DWORD /d "1" /f
reg add "HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters" /v DisableBandwidthThrottling /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp" /v TcpAutotuning /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v TcpAutotuning /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v TcpAutotuning /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" /v EnableTCPA /t REG_DWORD /d "0" /f
Friday, July 11, 2014
Watermark Printer
This is a very crude version of a "Watermark Printer" - it prints on a "preprinted paper" (e.g. something containing the company logo)
@echo off
:: ------------------------------------------------------------------
:: install redmon in %userprofile%\appdata\redmon
:: put this script in %userprofile%\appdata\redmon\email.bat
:: create new printer with port RPT1:
:: configure port redirect to %userprofile%\appdata\redmon\redrun.exe
:: port arguments %userprofile%\appdata\redmon\email.bat %%1
:: ------------------------------------------------------------------
:: Ghostscript configuration
set "GS_INSTALL=%userprofile%\appdata\redmon\gs"
set GS_VERSION=8.63
:: LibTIFF configuration
set LIBTIFF_INSTALL=%userprofile%\appdata\redmon\GnuWin32
:: PDF viewer configuration (no need to set, if PDF is a registered file type)
set PDF_READER=
:: Watermark background config
set BACKGROUND="%userprofile%\appdata\redmon\\Watermark.pdf"
:: PDFTK location
set PDFTK="%userprofile%\appdata\redmon\"
:: ------------------------------------------------------------------
:: temporary PDF directory
set PDF_DIR=%TEMP%\1
:: delete old temporary PDF directories if required
for /d %%D in ("%TEMP%\1\") do if not "%%D"=="%TEMP%\1\" rd /s /q "%%D"
:: create if required
if not exist "%PDF_DIR%" md "%PDF_DIR%"
echo myass > %PDF_DIR%\blah
:: check if file is given
if not "%~1" == "" goto CHECK_FOUND
echo ERROR: No file name given!
goto END
::----------
:CHECK_FOUND
:: check for file existence
if exist "%*" goto SET_FNE
echo ERROR: File "%*" not found!
goto END
::------
:SET_FNE
:: set input file, name and extension
call :set_input_file_name_ext "%*"
:: check file type
if "%INPUT_EXT%" == "" set INPUT_NAME=%~n1.ps
if "%INPUT_EXT%" == "" set INPUT_EXT=.ps
if "%INPUT_EXT%" == ".ps" goto PROCESS_PS
if "%INPUT_EXT%" == ".tiff" goto PROCESS_TIFF
if "%INPUT_EXT%" == ".tif" goto PROCESS_TIFF
if "%INPUT_EXT%" == ".pdf" goto PROCESS_PDF
echo ERROR: File type "%INPUT_EXT%" not supported!
goto END
:: --------
:PROCESS_PS
:: set file names
set PS_FILE=%INPUT_FILE%
set PDF_FILE=%PDF_DIR%\%INPUT_NAME%.pdf
:: convert to PDF
"%GS_INSTALL%\gs%GS_VERSION%\bin\gswin32c.exe" -dSAFER -dNumRenderingThreads#%NUMBER_OF_PROCESSORS% -sDEVICE#pdfwrite -o "%PDF_FILE%" -c .setpdfwrite -f "%PS_FILE%"
goto DISPLAY
:: ----------
:PROCESS_TIFF
:: set file names
set TIFF_FILE=%INPUT_FILE%
set PDF_FILE=%PDF_DIR%\%INPUT_NAME%.pdf
:: convert to PDF
"%LIBTIFF_INSTALL%\bin\tiff2pdf.exe" -o "%PDF_FILE%" -f "%TIFF_FILE%"
goto DISPLAY
:: ---------
:PROCESS_PDF
:: set file name
set PDF_FILE=%INPUT_FILE%
::
:: ------------------------------------------------------------------
:DISPLAY
:: open PDF file in reader
:: start /b "%PDF_READER%" "%PDF_FILE%"
::
:: apply background
%PDFTK%\pdftk.exe "%PDF_FILE%" background %BACKGROUND% output "%PDF_DIR%\output.pdf"
:: call OUTLOOK - ugly for the moment
"C:\Program Files (x86)\Microsoft Office\OFFICE14\OUTLOOK.EXE" /a "%PDF_DIR%\output.pdf"
:: ------------------------------------------------------------------
:END
exit
::
:: ------------------------------------------------------------------
:: Subroutine: set_input_file_name_ext
:: Arguments: %1 = "path/name.ext"
:: Purpose: set environment vars to input file, name and extension
:: ------------------------------------------------------------------
:set_input_file_name_ext
set INPUT_FILE=%~1
set INPUT_NAME=%~n1
set INPUT_EXT=%~x1
goto :eof
:: ------------------------------------------------------------------
Thursday, June 05, 2014
Allow login only if the member of a certain OU comes from a certain IP subnet
@echo off
:: (c)2014 sorinakis@g*il.com
setlocal enableextensions enabledelayedexpansion
set config=c:\pair.txt
:: find the primary OU that user belongs to
for /F "tokens=3 delims=/,CN=" %%n in ('"gpresult /R | findstr CN | findstr /I %username%"') do (
set myou=%%n
)
:: echo myou is: !myou!
:: find the client subnet (need gettscip.exe from www.ctrl-alt-del.com.au in the path somewhere)
for /F "tokens=2 delims=/: " %%f in ('gettscip.exe') do (
for /F "tokens=1-3 delims=/." %%g in ('echo %%f') do set mynet=%%g.%%h.%%i
)
:: echo mynet is: !mynet!
:: read the config file containing the pair IP_subnet/Organisational_Unit (or group)
:: the pair has to be separated by a space, ex: '192.168.1 Users'; comments start with ;
:: clear any value inherited from the environment, so only a matching pair can set it
set "canrun="
for /F "eol=; tokens=1,2 delims=/ " %%l in ('type !config!') do (
set net=%%l
rem set group=%%m
set ou=%%m
rem find if the user belongs to a group
rem for /f %%f in ('"net user /domain %username% | findstr /i %group%"') do set /a ingroup=yes
rem if the two pairs are identical, the user can login from that subnet
if "!net!"=="!mynet!" (
rem if "!ingroup!"=="yes" (
if /I "!ou!"=="!myou!" (
set canrun=yes
)
)
)
::echo canrun: !canrun!
:: if the user can't login let him know, then end the session
if NOT "!canrun!"=="yes" (
echo Sorry %username%, "!myou!" are NOT ALLOWED to login from !mynet!.0/24
msg %username% Sorry, %username% is NOT ALLOWED to login from this location.
shutdown /l
)
:: Cleanup variables at end
endlocal
Tuesday, May 06, 2014
Delete old printers and add new ones - second version
This version keeps track of the default printer :)
' s@to**.guru - Jan 08 2015 Replace the default Printer
'********************************************************************************************************************
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
'Set wmiLocator = CreateObject("WbemScripting.SWbemLocator")
'Set wmiNameSpace = wmiLocator.ConnectServer(objNetwork.ComputerName, "root\default")
'Set objRegistry = wmiNameSpace.Get("StdRegProv")
'strComputer = "."
'Const HKEY_CLASSES_ROOT = &H80000000
'Const HKEY_CURRENT_USER = &H80000001
'Const HKEY_LOCAL_MACHINE = &H80000002
'Const HKEY_USERS = &H80000003
userprrf = objShell.Environment("PROCESS")("UserProfile")
lockfile = "\prinstalled"
oldlockfile = "\printersinstalled"
strnewSrv = "\\2K12SRV\"
strOldSrv = "\\critesdc\"
arrPrinters = Array("HP Color LaserJet 4700 PCL 5c","HP Color LaserJet 4700 PCL 5c Sales","HP LaserJet 4100 Series PCL6 Sales","HP LaserJet 4250 PCL6","HP Laserjet 5100tn","Xerox WorkCentre 5655 PS","Xerox7545 PS")
'********************************************************************************************************************
' If this script was already run at least once for this user, EXIT and don't look back
If (objFSO.FileExists(userprrf & lockfile)) Then
Wscript.Quit
End If
' Delete old lockfile
objFSO.DeleteFile(userprrf & oldlockfile)
'' If we're on the TS server create lockfile and Exit!
'If objNetwork.ComputerName = "2K12TS1" Then
' Set objFile = objFSO.CreateTextFile(userprrf & lockfile, true)
' Set objFile = objFSO.GetFile(userprrf & lockfile)
' objFile.Attributes = 2
' Wscript.Quit
'End if
'********************************************************************************************************************
' Make spooler autostart without waiting
' use Microsoft's way of getting StdRegProv, set_binary is special!
'Set oRegistry = _
' GetObject("Winmgmts:root\default:StdRegProv")
'strPath = "SYSTEM\CurrentControlSet\Services\Spooler"
'uBinary = Array(80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,20,00,64,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00)
'Return = oRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, _
' strPath, _
' "FailureActions", _
' uBinary)
'oShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start", 2, "REG_DWORD"
'********************************************************************************************************************
' get the default printer
strdefValue = "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Device"
strdefPrinter = objShell.RegRead(strdefValue)
strdefPrinter = Split(strdefPrinter, ",")(0)
'wscript.Echo "Actual default printer: " & strdefPrinter
' put the default printer into the lockfile if we want to keep it for historical records
'Set objFile = objFSO.CreateTextFile(userprrf & lockfile)
'objFile.Write strdefPrinter & vbCrLf
'objFile.Close
'********************************************************************************************************************
'Delete old printers using either printui.dll or AddWindowsPrinterConnection
wscript.sleep 100
For Each strPrn in arrPrinters
strPrinter = (strOldSrv & strPrn)
'wscript.echo "removing " & strPrinter
strCmd = "rundll32 printui.dll,PrintUIEntry /dn /n """ & strPrinter & """ /q"
objShell.Run strCmd,,true
' objNetwork.RemoveWindowsPrinterConnection strOldSrv & strPrn
Next
'********************************************************************************************************************
' to make sure all printers are removed, Deletes RegistryKey with all subkeys in Network printers
'sPath = "Printers\Connections"
'lRC = DeleteRegEntry(HKEY_CURRENT_USER, sPath)
'Function DeleteRegEntry(sHive, sEnumPath)
' Attempt to delete key. If it fails, start the subkey enumeration process.
'lRC = objRegistry.DeleteKey(sHive, sEnumPath)
' The deletion failed, start deleting subkeys.
'If (lRC <> 0) Then
' Subkey Enumerator
'On Error Resume Next
'lRC = objRegistry.EnumKey(HKEY_CURRENT_USER, sEnumPath, sNames)
'For Each sKeyName In sNames
'If Err.Number <> 0 Then Exit For
'lRC = DeleteRegEntry(sHive, sEnumPath & "\" & sKeyName)
'Next
'On Error Goto 0
' At this point we should have looped through all subkeys, trying to delete the key again.
'lRC = objRegistry.DeleteKey(sHive, sEnumPath)
'End If
'End Function
' Now let's recreate only the "root" Key we deleted before
'objRegistry.CreateKey HKEY_CURRENT_USER,sPath
'********************************************************************************************************************
' we have zero network printers, let's remove all unused drivers by using Microsoft's own prndrvr.vbs
' first restart print spooler in order to release open files
'Set objWMIService = GetObject("winmgmts:" _
' & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
'Set colServiceList = objWMIService.ExecQuery _
' ("Select * from Win32_Service where Name='Spooler'")
'For each objService in colServiceList
' errReturn = objService.StopService()
'Next
'wscript.sleep 1000
'Set colServiceList = objWMIService.ExecQuery _
' ("Select * from Win32_Service where Name='Spooler'")
'For each objService in colServiceList
' errReturn = objService.StartService()
'Next
'oShell.Run "cscript %systemroot%\system32\prndrvr.vbs -x"
'********************************************************************************************************************
'Add new printers using either printui.dll or AddWindowsPrinterConnection
wscript.sleep 100
For Each strPrn in arrPrinters
strPrinter = (strNewSrv & strPrn)
'wscript.echo "installing " & strPrinter
strCmd = "rundll32 printui.dll,PrintUIEntry /in /n """ & strPrinter & """ /u /q /Gw"
objShell.Run strCmd,,true
' objNetwork.AddWindowsPrinterConnection strNewSrv & strPrn
Next
'********************************************************************************************************************
' Try to put back the default printer
'Set objFile = objFSO.OpenTextFile(userprrf & lockfile)
'Do Until objFile.AtEndOfStream
' strNewDefPrinter = objFile.ReadLine
'Loop
'objFile.Close
strNewDefault = (Replace(strdefPrinter,strOldSrv, strNewSrv))
'wscript.Echo "New default printer: " & strNewDefault
strCmd = "rundll32 printui.dll,PrintUIEntry /y /n """ & strNewDefault & """ /u /q /Gw"
objShell.Run strCmd,,true
'objNetwork.SetDefaultPrinter strNewDefault
'********************************************************************************************************************
' Tell the user to check his default printer
beep = chr(007)
objShell.Run "cmd /c @echo " & beep & beep, 0
'with createobject("wscript.shell")
' .popup "Tous vos imprimantes réseau ont été installés. SVP vérifier et changer votre imprimante DÉFAULT si nécessaire.",30, "Printers Manager"
'end with
'objShell.Exec("control printers")
'********************************************************************************************************************
' We're done, let's leave a hidden file in userprofile, so at next login this script will exit
Set objFile = objFSO.CreateTextFile(userprrf & lockfile, true)
Set objFile = objFSO.GetFile(userprrf & lockfile)
objFile.Attributes = 2
Wscript.Quit
Thursday, May 01, 2014
Delete old printers and change the default
'Change default Printer and delete the old ones
'(c)2014 s@xxxxxxxx.com
' defaultlist example: service Client,\\2K12SRV\HP 4050 P005
PrintServer = "2K8SRV" 'Old Print server name goes here - case sensitive
listfile = "\defaultlist.txt"
lockfile = "\defaultprt"
Set objNetwork = CreateObject("WScript.Network")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objSysInfo = CreateObject("ADSystemInfo")
Set objShell = CreateObject("WScript.Shell")
userprrf = objShell.Environment("PROCESS")("UserProfile")
strComputer = "."
'strCurPath = CreateObject("Scripting.FileSystemObject").GetAbsolutePathName(strComputer)
strCurPath = "\\2k12srv\netlogon\deploy" ' relpath doesn't seem to work on UNC
wscript.echo strCurPath
If (objFSO.FileExists(userprrf & lockfile)) Then
'Debug
'with createobject("wscript.shell")
'.popup userprrf & "Lockfile EXIST!" , 1 , "Info"
'end with
Wscript.Quit
End If
'On Error Resume Next
strName = objSysInfo.UserName
' Split full username by comma (warning: comma is a valid char in OU, verify personally that it doesn't exist in your OU!)
arrUserName = Split(strName, ",")
' remove OU= or DC= for the last 2 OU's
arrOU = Split(arrUserName(1), "=")
arrOU2 = Split(arrUserName(2), "=")
'put those OUs together
strOU = arrOU2(1) & " " & arrOU(1)
' open the list of OU vs printers pairs
Set objFile = objFSO.OpenTextFile(strCurPath + listfile, 1)
Do Until objFile.AtEndOfStream
' they are separated by comma, first is OU second is printer
defaultArray = split(objFile.ReadLine,",")
readOU=defaultArray(0)
defaultprt=defaultArray(1)
' Debug
'with createobject("wscript.shell")
'.popup "Check: """ & strOU & """ = """ & readOU & """ Choose """ & defaultprt & """. " , 1 , "Info"
'end with
If strOU = readOU Then
' Debug
'with createobject("wscript.shell")
'.popup "Found: """ & strOU & """ = """ & readOU & """ Printer: """ & defaultprt & """. " , 5 , "Info"
'end with
' first ensure that the printer is installed, then set it default
objNetwork.AddWindowsPrinterConnection defaultprt
objNetwork.SetDefaultPrinter defaultprt
exit do
End If
Loop
objFile.Close
'Remove old printers
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colInstalledPrinters = objWMIService.ExecQuery _
("Select * from Win32_Printer")
For Each objPrinter in colInstalledPrinters
'Debug
'with createobject("wscript.shell")
'.popup "Name: " & objPrinter.Name , 1 , "Info"
'end with
'Wscript.Echo "Name: " & objPrinter.Name
i = 0
ReDim Preserve arrPrinterName(i)
arrPrinterName(i) = objPrinter.Name
If InStr(arrPrinterName(i), PrintServer) Then
Set objNetwork = WScript.CreateObject("WScript.Network")
'Debug
'with createobject("wscript.shell")
'.popup "Removing: " & arrPrinterName(i) , 5 , "Info"
'end with
objNetwork.RemovePrinterConnection arrPrinterName(i)
i=i+1
Else
'Debug
'with createobject("wscript.shell")
'.popup "Skipped: " & arrPrinterName(i) , 5 , "Info"
'end with
End If
Next
' Leave a lockfile in user's home
Set objFile1 = objFSO.CreateTextFile(userprrf & lockfile)
Wscript.Quit
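The script above warns that splitting the user's distinguished name on every comma breaks when a name component contains a comma. The following is an added example, not part of the original post: it builds the same "parent child" OU key while honoring backslash-escaped commas. The function names and sample DNs are assumptions made for illustration, and it assumes commas arrive escaped as `\,` (hex escapes such as `\2C` are not decoded).

```vbscript
Option Explicit

' Split a DN into RDNs; a backslash escapes the next character ("\," is data).
Function SplitDN(strDN)
    Dim arrParts(), intCount, strCur, i, ch
    intCount = 0 : strCur = "" : i = 1
    Do While i <= Len(strDN)
        ch = Mid(strDN, i, 1)
        If ch = "\" And i < Len(strDN) Then
            strCur = strCur & ch & Mid(strDN, i + 1, 1)   ' keep the escape pair intact
            i = i + 2
        ElseIf ch = "," Then
            ReDim Preserve arrParts(intCount)
            arrParts(intCount) = strCur
            intCount = intCount + 1
            strCur = ""
            i = i + 1
        Else
            strCur = strCur & ch
            i = i + 1
        End If
    Loop
    ReDim Preserve arrParts(intCount)
    arrParts(intCount) = strCur
    SplitDN = arrParts
End Function

' Return the unescaped value of one RDN ("OU=Client\, East" -> "Client, East").
Function RDNValue(strRDN)
    Dim strVal, strOut, i, ch
    strVal = Mid(strRDN, InStr(strRDN, "=") + 1)
    strOut = "" : i = 1
    Do While i <= Len(strVal)
        ch = Mid(strVal, i, 1)
        If ch = "\" And i < Len(strVal) Then
            i = i + 1
            ch = Mid(strVal, i, 1)
        End If
        strOut = strOut & ch
        i = i + 1
    Loop
    RDNValue = strOut
End Function

' Same key the original script builds: second container, a space, first container.
' Returns "" when the DN has fewer than three components instead of raising an error.
Function OuKeyFromDN(strDN)
    Dim arrRDN
    arrRDN = SplitDN(strDN)
    OuKeyFromDN = ""
    If UBound(arrRDN) >= 2 Then
        OuKeyFromDN = RDNValue(arrRDN(2)) & " " & RDNValue(arrRDN(1))
    End If
End Function

' Constructed sample DNs in the form ADSystemInfo.UserName returns
Dim dn
For Each dn In Array( _
        "CN=jdoe,OU=Client,OU=service,DC=example,DC=com", _
        "CN=Doe\, Jane,OU=Client,OU=service,DC=example,DC=com", _
        "CN=jdoe,OU=Client\, East,OU=service,DC=example,DC=com")
    WScript.Echo dn & " -> [" & OuKeyFromDN(dn) & "]"
Next
```

Run it with `cscript` so the output goes to the console. An OU whose name itself contains a comma still cannot be listed in defaultlist.txt as the script reads it, because each line of that file is also split on commas.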
Thursday, April 03, 2014
Modify ANZIOLITE.DEF
@echo off
echo (c) 2014 sorin@xxxxxxxx.com
setlocal enableextensions enabledelayedexpansion
set anzio15=Anzio15
set anzio16=Anzio16
set anzio17=Anzio17
set tgtfile=ANZIOWIN.DEF
for %%x in ( !anzio15! !anzio16! !anzio17! ) do (
    for %%A IN ( "!programfiles!" "!programfiles(x86)!" ) do (
        set "mypath=%%~A\%%x\%tgtfile%"
        rem echo mypath is: !mypath!
        if exist "!mypath!" (
            rem echo anziowin found in !mypath!
            rem ssed.exe is expected in the same folder as this script
            "%~dp0ssed.exe" -e "s/allow-quit=1/allow-quit=0/g" -e "s/prompt-to-save=0/prompt-to-save=2/g" "!mypath!" > "!mypath!.new"
            move /Y "!mypath!" "!mypath!.old"
            move /Y "!mypath!.new" "!mypath!"
            attrib +R "!mypath!"
        )
    )
)
rem the path contains a space, so it must be quoted for "if exist" to test the whole path
if exist "%appdata%\Anzio Lite\%tgtfile%" (
    rem echo anziowin found in appdata
    "%~dp0ssed.exe" -e "s/allow-quit=1/allow-quit=0/g" -e "s/prompt-to-save=0/prompt-to-save=2/g" "%appdata%\Anzio Lite\%tgtfile%" > "%appdata%\Anzio Lite\%tgtfile%.new"
    move /Y "%appdata%\Anzio Lite\%tgtfile%" "%appdata%\Anzio Lite\%tgtfile%.old"
    move /Y "%appdata%\Anzio Lite\%tgtfile%.new" "%appdata%\Anzio Lite\%tgtfile%"
    attrib +R "%appdata%\Anzio Lite\%tgtfile%"
)
::End
endlocal