Space "Magically" missing on Win 2012 drives

An apparently (almost) empty drive might show low space but looking at the files found that only a few GB was being consumed. Upon checking on the drive turned on show hidden on the server in a folder called System Volume Information.

The System Volume Information folder is a hidden system folder that the System Restore tool (XP, Vista/7/8) uses to store its information and restore points, it is also used by shadow copies for  backups and other purposes on Windows 2003/2008 and 2012. There is a System Volume Information folder on every partition on your computer.

So how do you reclaim the space? Well there are two ways either through the GUI or the command line to recover space that system restore is not using. Special Note: if you do this on SQL servers it will stop the MSSQL service.

CLI Method

Open a command prompt with the “Run as Administrator” option. Type in vssadmin list shadowstorage

As you can see the output shows used Space, Allocated Space and Maximum Space.

We can also see what available restore information is available by running vssadmin list shadows

So now let’s get to reclaiming the space on one of the drives. In the issue I had with disappearing space was with the F:\ drive. So to reclaim it I want to resize the maximum allocated space setting to 1 GB. The syntax is:

vssadmin resize shadowstorage /on=[here add the drive letter]: /For=[here add the drive letter]: /Maxsize=[here add the maximum size]

For Example:

vssadmin resize shadowstorage /on=F: /For=F: /Maxsize=1GB


To validate the changes took run vssadmin list shadowstorage.


Repeat the steps to make the changes to other drives and the space will be recovered.

GUI Method

Double click on Computer to see your drives. Right click on the drive in question and select Properties. Click on the shadow copies tab.


Select the drive in the list and click on the settings button. Check the Use Limit box and type in the amount in MB to which you want to set (1024 for 1GB) and click OK. Repeat for other drives until completed.


You are all done and now have more space.

Boot parameters for SCO6 on HP Gen8 servers (officially unsupported)

Install an extra P400 controller and connect the drives cage to it. Do not disable the on-board i400!
Install an extra E1000 dual NIC, as the onboard BCMs are not recognized by the kernel.

In BIOS, switch the sata controller to ahci and boot.

The following parameters allow you to boot and install OSR6 on Gen8:
 USE_XAPIC=Y ACPI=Y MULTICORE=N ENABLE_4GB_MEM=N

After the installation is done ( see sco-sysv-on-hp-server-install-notes ), only USE_XAPIC=Y have to be added to /etc/default/boot.

HP MSM Wifi for Guests - limit access only to GW and DNS

Custom filters:
inbound: ether proto 0x888E or arp or (((udp (udp src port 53 and udp dst port 53)port 68 and udp dst port 67) or (udp src port 53 or udp dst port 53) or ether dst %b or ether dst %w or ether dst %g or multicast) and ((ether proto 0x8863 or ether proto 0x8864 or ip) and not (multicast and (udp port 137 or udp port 138 or udp port 139))))

outbound: (udp src port 53 or udp dst port 53) or ((ether proto 0x888E or arp or ((udp dst port 68 or ether src %b or ether src %w or ether src host %g or multicast) and ((ether proto 0x8863 or ether proto 0x8864 or ip) and not (multicast and (udp port 137 or udp port 138 or udp port 139 or udp dst port 3490))))) and (not ether dst 01:00:0c:cc:cc:cc))

Install DD-WRT on Buffalo WZR-600DHP2

1 Download the Official DD-WRT image from 
http://www.buffalotech.com/support-and-downloads/download/wzr600dhp2d-v24sp2-23709a.zip


2 login to http://192.168.11.1/cgi-bin/cgi?req=frm&frm=py-db/55debug.html
username: bufpy
password: otdpopypassword

Click on telnetd, click on Start

3 telnet 192.168.11.1 and type: "ubootenv set accept_open_rt_fmt 1"

4 point your browser to 
http://192.168.11.1/cgi-bin/cgi?req=frm&frm=py-db/firmup.html
5 upload the firmware you downloaded (and unziped) on step 1
6 wait.
7 wait.
8 WAIT I SAID!
9 wait some more time, then login to http://192.168.1.1/ admin:password 
- enjoy DD-WRT!

(thanks to Guilherme Garnier for correcting me at the last step)

Firmware 2.27 and higher have a slightly different procedure:

1 login to http://192.168.11.1/cgi-bin/cgi?req=frm&frm=py-db/55debug.html username "bufpy" password "otdpopypassword"
2 In a new tab, go to the normal web interface at http://192.168.11.1 (automatically logged in in debug mode)
3 Click on the new button "debug-disp"
4 Click on the (second to last) link "admin", then on the (first) link "name"
5 Click on the last link ending in firmup.html
6 In this interface, any ".bin" firmware (i.e. not in the typical Buffalo .zip package) can be uploaded without validation. It should also be possible to downgrade to an earlier Buffalo stock firmware on this page.

Fix Windows 7 Boot

Fixing the Master Boot Record (MBR)

Step one: Boot from either your Windows 7 Installation DVD or Windows 7 System Recovery Disc.   Remember, you may need to change the boot order inside your BIOS to have the your DVD drive boot first.

Step two: After the installation or recovery disc loads, if prompted, select your language settings and then continue.   If you are using the installation DVD, when prompted by the following screen select Repair your computer.

Step three: The computer will take a moment now to scan itself for any Windows installations, after which you will likely be given a choice to select which installation you wish to repair.   Select the appropriate Windows installation from the list and then continue. If by chance a problem is detected in one of your Windows installations at this initial stage, the system may also ask you if it can try to repair the problem automatically. It is up to you if you wish to let the system try to repair itself, but otherwise just select No.  

Step four: Once you have reached the System Recovery Options screen, as shown below, you will be faced with a list of choices that can aid you in repairing a damaged Windows 7 operating system.   If you wish to try the Startup Repair option first, it is often successful in automatically fixing many different start up issues, but in this article we will be using the Command Prompt option to resolve our problems manually. So, click Command Prompt to continue.  

Step five: Now sitting at the command prompt, enter the following command and then press enter:

                bootrec.exe /FixMbr

If successful, you should be greeted with the message The operation completed successfully.   That's it!   Your Master Boot Record has been repaired.

While the above command does fix the MBR, and sometimes that is enough, there still might be an error with the system partition's boot sector and Boot Configuration Data (BCD). This might occur if you have tried to install another operating system alongside Windows 7, such as Windows XP.   To write a new boot sector, try the following command:

              bootrec.exe /FixBoot

If you are still faced with your Windows 7 installation not being detected during start up, or if you wish to include more than one operating system choice to your system's boot list, you can try the following command to rebuild your BCD:
              
              bootrec.exe /RebuildBcd

The above command will scan all your disks for other operating systems compatible with Windows 7 and allow you to add them to your system's boot list. If this fails, you may need to backup the old BCD folder* and create a new one in its place with the following commands:

              bcdedit /export C:\BCD_Backup

              c:

              cd boot

              attrib bcd -s -h -r

              ren c:\boot\bcd bcd.old

              bootrec /RebuildBcd

*Some users also find simply deleting the boot folder and retrying the above steps effective at resolving boot issues, but it is not recommended.


How to change active partitions

Upon purposely changing the active partition on my system drive, I was faced with a BOOTMGR is missing error during my system's start up that prevent Windows from starting. It is a common mistake to make when playing with partitions on a system drive and it can be a headache to solve if not prepared. To change your active partition back using the Windows 7 recovery disc or Installation DVD, follow the steps below.

Step one: Follow steps one to four in the above guide. This should take you to the Command Prompt in the Windows Recovery Environment.

Step two: Type DiskPart and then press Enter.

Step three: Type List Disk now and then press Enter. This command will list all disks attached to your computer and assign them a disk number.

Step four: Type Select Disk x, where x is the number for the disk containing the partition you wish to make active. Press Enter.

Step five: Type List Partition and then press Enter. You will now be shown a list of the partitions on the selected disk. Determine which partition you wish to make active.

Step six: Type Select Partition x, where x is the number of the partition you wish to make active.

Step seven: Now, just type Active and then press Enter. That should be it - the selected partition is now active.

How to create a Windows 7 System Recovery Disc

Windows 7 makes it easy to create a System Recovery Disc if you already have Windows 7 installed and running.  

Step one: Click Start > All Programs > Maintenance > Create a System Repair Disc

Step two: Insert a blank CD or DVD into your disc drive.

Step three: Click Create disc and let the program do its thing.

That's it! It only needs to write about 140- to 160-megabytes to the disc, depending on whether your OS is 64-bit or 32-bit, and that should only take a minute. If you do not have a CD/DVD-R drive to create a recovery disc with, you can alternatively download the ISO image of the Windows 7 System Recovery Disc and use it to make a bootable USB flash drive.

How to create a Windows 7 System Recovery USB flash drive

Step one: If you do not have a DVD drive, download the appropriate Windows 7 Recovery Disc image. Alternatively, if you have a DVD drive, you can use an existing Windows 7 Installation DVD or a Windows 7 Recovery Disc when at step seven.  

Using a Windows 7 Installation DVD at step seven will also allow you to install Windows 7 via USB, not just recover a damaged system; very useful if you have a netbook!

Step two: Open a command prompt with administrative rights. To do this, click Start > All Programs > Accessories and then right click Command Prompt, followed by clicking Run as administrator.

Step three: After accepting any UAC verification questions, you should now be at the command prompt. Make sure your USB flash drive is plugged in and then type DiskPart, followed by pressing Enter.

Step four: Type List Disk and then press Enter. Determine which disk number corresponds to your USB flash drive. In the following scenario, Disk 1 corresponds to our USB drive since we know our USB drive has a capacity of 2-gigabytes.

Step five: Enter the following commands in order, changing the disk number to the disk number listed for your USB drive.   Warning - the following commands will erase everything on your USB drive or the disk you select.

              Select Disk 1

              Clean

              Create Partition Primary

              Select Partition 1

              Active

              Format FS=NTFS

Step six: After DiskPart successfully formats the USB drive, which might take a few minutes, you will want to enter the following commands:

              Assign
              Exit

Step seven: You will now need to copy the contents of the ISO image you downloaded, or the contents of a DVD you wish use, to the USB flash drive.   There should be two folders and a file in the ISO image that need to be copied. To extract the files contained within an ISO image, you will need to use a program such as 7-zip.

Step eight: Now that the files are copied, we will want to make the USB drive bootable. To accomplish this however we will need to download a small file called bootsect.exe; it can be found in the boot directory of the Windows 7 Installation DVD.  Once downloaded, place the bootsect.exe file in the root directory of your USB flash drive.

Step nine: Back at the command prompt, we will want to change the current directory to that of the USB drive and run the bootsect command. In our case this is drive E, so we will be using the following respective commands:

                 e:
                 bootsect /nt60 e:

The bootsect command will update the target volume with a compatible bootcode. If all goes well, you should now have a bootable USB recovery drive; just remember to add the USB drive to the boot list in your system's BIOS for it to work upon start up.

Exchange2010 on Windows2012 - my way

Install-WindowsFeature RSAT-ADDS, AS-HTTP-Activation, Desktop-Experience, NET-HTTP-Activation, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

reboot 

install
http://www.microsoft.com/en-us/download/details.aspx?id=17062
http://www.microsoft.com/en-gb/download/details.aspx?id=26604
http://www.microsoft.com/en-us/download/details.aspx?id=34992

merge this into registry:

--- CUT HERE ---
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{770ca594-b467-4811-b355-28f5e5706987}\ChannelReferences]
"Count"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{770ca594-b467-4811-b355-28f5e5706987}\ChannelReferences\0]
@="Add Microsoft-Windows-ApplicationResourceManagementSystem/Diagnostic"
"Id"=dword:00000010
"Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{770ca594-b467-4811-b355-28f5e5706987}\ChannelReferences\1]
@="Add Microsoft-Windows-ApplicationResourceManagementSystem/Operational"
"Id"=dword:00000011
"Flags"=dword:00000000

--- CUT HERE ---


cdrom:\setup.exe /preparead

when runing setup DO NOT check "Automatically install Windows Server roles and features required for Exchange Server"

DO NOT REBOOT!
DO NOT START Exchange Management Console yet!

Install Exch2010 SP3

reboot

You may find that on Server2012 you can launch the Exchange Management Console, but are unable to expand any of the objects in the left hand pane.
Exchange 2010 Exchange Management Console was built with CLR (Common Language Runtime) version 2.0. Windows 2012/8 by default runs its MMC snap ins with CLR version 4.0.
to fix it, start cmd and type:

set __COMPAT_LAYER=RUNASINVOKER
set COMPLUS_Version=v2.0.50727
"C:\Program Files\Microsoft\Exchange Server\V14\Bin\Exchange Management Console.msc"


Now you can do the usual stuff.

BTW: Don't be an idiot (like me), don\t install Eset RA Server before installing Exchange, that will put the Exchage RA web console on ports :80 and :443 and IIS will never start. 
netstat -a -b -n -p tcp is your friend in this case, run it and you will see who occupies your ports.

Reset the username and password on a Symbol WS-2000

Connect the WS-2000 to the PC using a standard 9F to 9F null modem cable 
(the old 3Com serial)
Baud Rate - 19,200
Data Bits - 8
Parity - None
Stop Bits - 1
Flow Control - None
Emulation needs to be set to "Autodetect" or "ANSI"

Power cycle the WS-2000.
While the WS-2000 is booting up, press and hold the ESC key (you'll see 
a boot> prompt).
This should bring you to the boot command line.
Type "passwd default".
Type "reboot".
After the system boots back up, the username and password should be set 
back to the default
admin:symbol

"FullyQualifiedErrorId : -2144108477,PSSessionOpenFailed"

The PowerShell window displayed this error.

VERBOSE: Connecting to E15MB2.exchange2013demo.com.
New-PSSession : [e15mb2.exchange2013demo.com] Processing data from remote server e15mb2.exchange2013demo.com failed
with the following error message: The WinRM Shell client cannot process the request. The shell handle passed to the WSMan Shell function is not valid. The shell handle is valid only when WSManCreateShell function completes successfully. Change the request including a valid shell handle and try again. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ConnectionURI “$connectionUri” -ConfigurationName Microsoft.Excha …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : -2144108212,PSSessionOpenFailed

The cause of this error in my specific case was that the SSL certificate was no longer bound to the Exchange Back End website on that Exchange 2013 server.

To fix this, in IIS Manager right-click the Exchange Back End website and click Bindings.

Highlight https and click Edit.

If you see “Not selected” like I did, click on Select.

Choose the certificate you want to bind to the site.

Apply the changes and retry the Exchange management shell. If it connects successfully to the server then you have most likely resolved this issue.

Exchange 2013 disable auto-mapping of mailboxes with full access

Exchange 2013 disable auto-mapping of mailboxes with full access

# Get all mailboxes in the forest
$Mailboxes = Get-Mailbox -ResultSize unlimited -IgnoreDefaultScope
$ConfirmPreference = 'None'

# Iterate over each mailbox
foreach($Mailbox in $Mailboxes)
{
    try
    {
        # Try to run the example fix against the current $Mailbox
        $FixAutoMapping = Get-MailboxPermission $Mailbox |where {$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $false}
        $FixAutoMapping | Remove-MailboxPermission -confirm $false
        $FixAutoMapping | ForEach {Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $false}
    }
    catch
    {
        # Inform about the error if unsuccessful
        Write-Host "Encountered error: $($Error[0].Exception) on mailbox $($Mailbox.DisplayName)" -ForegroundColor Red
    }
}

Deploy local printers to Windows XP

- Go to a computer without any printer installed, login as administrator and  install all the printers you need to deploy.
- download & run UTFG://printmig.exe go to Actions and click on Backup - save the cab file with the name printers.cab
- download  UTFG://ListComps.exe and run listcomps.exe /D:MY_DOMAIN >> comps.txt
  (replace MY_DOMAIN with the domain you're in) edit the file comps.txt in order to remove unwanted computers, servers...
- in a command prompt type the following line: for /F %r in (comps.txt) do printmig.exe -i -r printers.cab \\%r 
- now watch printmig spawning an instance for every computer and pushing the drivers to all of them
- enjoy a beer 

if before you want to remove ALL the old network printers you can use my (somehow pretty drastic) method of deleting.
Add this .vbs script to the user login or use psexec.exe to launch it:

------------------BEGIN HERE--------------------
' removepr.vbs - Windows NT Logon Script. 
' VBScript - Silently remove ALL network printers
' -----------------------------------------------------------------------'
 
Const ForReading = 1 
Set objFSO = CreateObject("Scripting.FileSystemObject") 
Set objNet = CreateObject("WScript.Network")
Set WshShell = CreateObject("WScript.Shell")
Set wmiLocator = CreateObject("WbemScripting.SWbemLocator")
Set wmiNameSpace = wmiLocator.ConnectServer(objNet.ComputerName, "root\default")
Set objRegistry = wmiNameSpace.Get("StdRegProv")
Const HKEY_CLASSES_ROOT  = &H80000000
Const HKEY_CURRENT_USER  = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS         = &H80000003
strComputer = "."

' If this script already run once for this user, then EXIT
userprrf = WshShell.Environment("PROCESS")("UserProfile") 
'wscript.Echo userprrf
If (objFSO.FileExists(userprrf & "\sctwashere.txt")) Then
Wscript.Quit
Else
blah = "let's have some fun"
End If

' Deletes RegistryKey with all subkeys in Network printers
sPath = "Printers\Connections"
lRC = DeleteRegEntry(HKEY_CURRENT_USER, sPath)
Function DeleteRegEntry(sHive, sEnumPath)
' Attempt to delete key.  If it fails, start the subkey enumration process.
lRC = objRegistry.DeleteKey(sHive, sEnumPath)
' The deletion failed, start deleting subkeys.
If (lRC <> 0) Then
' Subkey Enumerator   
On Error Resume Next   
lRC = objRegistry.EnumKey(HKEY_CURRENT_USER, sEnumPath, sNames)   
For Each sKeyName In sNames      
If Err.Number <> 0 Then Exit For      
lRC = DeleteRegEntry(sHive, sEnumPath & "\" & sKeyName)   
Next   
On Error Goto 0
' At this point we should have looped through all subkeys, trying to delete the key again.   
lRC = objRegistry.DeleteKey(sHive, sEnumPath)
End If
End Function 
'Now let's recreate only the "root" Key we deleted before
objRegistry.CreateKey HKEY_CURRENT_USER,sPath

'Tell something to the user 
'with createobject("wscript.shell")  
'   .popup "All Network Printers are now erased.",1, "Printers Manager"
'end with
------------------END HERE--------------------

Configure DHCP options for Nortel IP Phones

In DHCP manager right-click the IPv4 and choose "Set Predefined Options" click "Add", name "blah", data type string, code 128, no description, click OK. Now, in the String field type: Nortel-i2004-A,10.0.0.4:7000,1,10. The BCM IP is here 10.0.0.4, the default port is 7000, the first parameter (action) is always 1, the second parameter (10) is the retry number and pay attention, there is a dot (.) at the end! 

Cloud Print on an old local printer

add printer in local cups. make sure it prints. some printers require loading a firmware stub. in my /etc/rc.d/rc.local I have the following line:
/usr/share/hplip/firmware.py -n -p HP_LaserJet_1020



open chrome as a normal user (in our case luser23)
go to chrome://devices/
click add printer. follow instructions.

create the following init script and make sure is executed at startup

cat /etc/init.d/cloudprint

#!/bin/sh
#
# Start / Stop cloudprint daemon
#
# description:  Start / Stop cloudprint daemon
# chkconfig: 345 99 9
#
### BEGIN INIT INFO
# Provides: cloudprint
# Default-Start: 3 4 5
# Short-Description:  Start / Stop cloudprint daemon
# Description:  Start / Stop cloudprint daemon
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

# config file
CONF=/etc/cloudprint.conf

[ -r $CONF ] && . $CONF
[ -r $CONF ] || user=luser23
[ -r $CONF ] || options="/opt/google/chrome/chrome --type=service --enable-cloud-print-proxy --noservice-autorun --noerrdialogs --disk-cache-size=1 --media-cache-size=1 --disk-cache-dir=/tmp/chrome.$$ &"

# See how we were called.
case "$1" in
  start)
 gprintf "Starting cloudprint: "
 /usr/bin/su -l $user -c "$options" && success || failure
 echo
 ;;
  stop)
 gprintf "Shutting down cloudprint:"
 killproc chrome && success || failure
 echo
 ;;
  status)
 status chrome
 ;;
  restart)
 $0 stop
 $0 start
 ;;
  *)
 gprintf "Usage: %s\n" "$0 {start|stop|restart|status}"
 exit 1
esac
exit 0


cat /etc/cloudprint.conf

user=luser23
options="/opt/google/chrome/chrome --type=service --enable-cloud-print-proxy --no-service-autorun --noerrdialogs --disk-cache-size=1 --media-cache-size=1 --disk-cache-dir=/tmp/chrome.$$ &"

or just add in /etc/rc.d/rc.local the following line:
su -l luser23 -c '/opt/google/chrome/chrome --type=service --enable-cloud-print-proxy --no-service-autorun --noerrdialogs --disk-cache-size=1 --media-cache-size=1 --disk-cache-dir=/tmp/chrome.$$ '

TS-Remote-App: Create a launcher box containing the programs from C:\Users\Public\Desktop

This compiled .ahk will behave like an application launcher for multiple programs from TS in Remote-App mode. If you don't want it to launch the first program automatically, replace || with a single | on line #9.

Enjoy!

;(c)2014 sorin@xxxxxxxx.com under the terms of LGPL v2

#SingleInstance force

files =

Directory = C:\users\public\desktop

Loop, %Directory%\*.lnk, , 1

{

  fullfile = %A_LoopFileName%

  filename := RegExReplace(fullfile,"\.lnk","")

  files = %filename%||%files%

}

Gui, Color, 22BBFF

Gui -Caption +Border +AlwaysOnTop 

Gui, Font, S11, Tahoma

Gui, Add,Button, x255 Y3 w35 h22 gButtonOK, OK

Gui, Add,Button, x10 Y3 w35 h22 gButtonKill, X

Gui Add, ComboBox, X50 Y1 h10 r20 W200 vScript, %files%

Gui Show, x50 y0 H28 W300

ButtonOK:

GuiControlGet Script,, script

if script <>

Run, %Directory%\%script%.lnk, , ,PID

Return

ButtonKill:

Process, Close, %PID%

Sleep, 1000

exitapp

return

return

Upgrade PC*MILER from v23 to v28

Install PCM v28

Import custom places:

1.       Open PC*MILER 28

2.       Go to Tools>Import (Custom Places)

3.       Select File CustomPlaces.txt (in this folder)

4.       Follow File Import Steps - choose the corresponcence between fields, check "first row contain column header"

a.       At the end, be sure to select the option to Add to Custom Place Manager

b. Select the option, prior to adding the location, to overwrite existing places

Transfer the "avoids" in custom road manager:

1. Open PCM28

2. Go to Tools>Convert (Custom Roads)

3. Select the AvoidNa.dat file from your PC*MILER 23 Options folder (is in the same folder with this readme)

Enable the asp COM connection:

IIS MGR - Add Web Site

-Right-Click on ‘Sites’ and choose ‘Add Web Site’

Physical Path:  C:\ALK Technologies\PMW250\Connect\COM\ASP 

Physical path Credentials:  pcmiisuser (Setup using any name within Windows User Accounts – Page 4) 

Binding:  Type-http; IP Address-All Unassigned; Port-8080

Advanced Settings

Physical Path:  C:\ALK Technologies\PMW250\Connect\COM\ASP 

Application Pool:  PCMS_Test (Setup using any name with Application Pools) 

Physical path Credentials:  pcmiisuser (Setup using any name within Windows User Accounts – Page 4) 

 

Application Pool – Advanced Settings 

Name:   PCMS_Test 

Enable 32-Bit Applications:  True 

Managed Pipeline Mode:  Classic 

Identity:  NetworkService 

Loaded User Profile:  False

User Accounts

User Name:  PCMIISUSER 

Domain:  WIN2K8R2X64-VM (Local Machine) 

Group:  Administrators

IIS MGR SITE Permissions (Edit Permissions)

Add ‘PCMIISUSER’ with Full Control

Enable Directory Browsing

-Double-Click on ‘Directory Browsing’ 

-Choose ‘Enable’

Request Filtering

-Double-Click ‘Request Filtering’ 

-Remove extension asa

Make sure COM is registered

-     Browse to: C:\ALK Technologies\PMW250\Connect\COM

-     OVERWRITE pcmsole.dll with the one that comes from v23! (it should be in this folder)

-     Run ‘useCom32.bat’

-     Test with ‘ConnectComTester32’

Start/Restart IIS

-From CMD:  iisreset

OR

-Within IIS : Right-Hand Pane>Manage Web Site>Start

To Run Sample

-Under ‘Manage Web Site’ and ‘Browse Web Site’ 

-Choose ‘Browse *:8080 (http)

-Choose ‘Server_demo.asp’

Enable the Maps ASP COM connection:

IIS MGR - Add Web Site

-Right-Click on ‘Sites’ and choose ‘Add Web Site’

Physical Path:  C:\ALK Technologies\PMW250\MAPPING\ASP 

Physical path Credentials:  pcmiisuser (Setup using any name within Windows User Accounts – Page 4) 

Binding:  Type-http; IP Address-All Unassigned; Port-8081

Advanced Settings

Physical Path:  C:\ALK Technologies\PMW250\MAPPING\ASP 

Application Pool:  PCMMTest (Setup using any name with Application Pools) 

Physical path Credentials:  pcmiisuser (Setup using any name within Windows User Accounts – Page 4) 

 

Application Pool – Advanced Settings 

Name:   PCMM_Test 

Enable 32-Bit Applications:  True 

Managed Pipeline Mode:  Classic 

Identity:  NetworkService 

Loaded User Profile:  False

User Accounts

User Name:  PCMIISUSER 

Domain:  WIN2K8R2X64-VM (Local Machine) 

Group:  Administrators

IIS MGR SITE Permissions (Edit Permissions)

Add ‘PCMIISUSER’ with Full Control

Enable Directory Browsing

-Double-Click on ‘Directory Browsing’ 

-Choose ‘Enable’

Request Filtering

-Double-Click ‘Request Filtering’ 

-Remove extension .asa

Make sure COM is registered

-     Browse to: C:\ALK Technologies\PMW250\Mapping\COM

-     OVERWRITE pcmgole.dll with the one that comes from v27 (it should be in the same folder with this readme)!

-     Run ‘useCom32.bat’

-     Test with ‘C:\ALK Technologies\PCMILER28\Mapping\mapwin32.exe’

Start/Restart IIS

-From CMD:  iisreset

OR

-Within IIS : Right-Hand Pane>Manage Web Site>Start

To Run Sample

-Under ‘Manage Web Site’ and ‘Browse Web Site’ 

-Choose ‘Browse *:8081 (http)

-Choose ‘Mapping_demo.asp’

HP-2530-24G QOS by IP

The phone system will use the ip 192.168.x.21 or .22 (x=2 in branch 1, 6 in branch 2, 8 in branch 3)
The packets coming from those IPs are marked on the switch with DSCP code "EF" (dec 46  bin 101110) - Priority 7 High and treated by Bell's MPLS equipment as class C5 (Voice Signaling and Voice/Telephony)


Running configuration:

; J9776A Configuration Editor; Created on release #YA.15.12.0007
; Ver #04:01.ff.37.XX.XX
hostname "HP-2530-24G"
qos device-priority 192.168.8.20/30 dscp 101110
qos type-of-service ip-precedence
snmp-server community "public" unrestricted
vlan 1
    name "DEFAULT_VLAN"
    untagged 1-28
    ip address 192.168.8.3 255.255.255.0
    exit

Branch 2:

Running configuration:

; J9775A Configuration Editor; Created on release #YA.15.12.0007
; Ver #04:01.ff.37.XX.XX
hostname "HP-2530-48G"
qos device-priority 192.168.6.20/30 dscp 101110
qos type-of-service ip-precedence
ip default-gateway 192.168.6.1
snmp-server community "public" unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-52
   ip address 192.168.6.3 255.255.255.0
   exit

ChangeSN Windows XP

' WMI Script - ChangeSN.vbs
'
'sorinakis@g***.com
'**************************

ON ERROR RESUME NEXT
Dim VOL_PROD_KEY
VOL_PROD_KEY = "12345123451234512345" 'put here the real license without dashes
Dim WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.RegDelete "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\WPAEvents\OOBETimer"
'delete OOBETimer registry value
for each Obj in 
GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf 
("win32_WindowsProductActivation")
result = Obj.SetProductKey (VOL_PROD_KEY)
if err <> 0 then
WScript.Echo Err.Description, "0x" & Hex(Err.Number)
Err.Clear
end if
next

Recreate Offline Address Book - Exchange 2010

1.    Create a new OAB.

a.    Open Exchange Management Console, expand “Organization Configuration” ->”Mailbox”.
b.    Click “Offline Address Book” tab. Right click the blank area and click “New Offline Address Book”.
c.    Type a different OAB name and click “Browse” to select the Exchange 2010 mailbox server as OAB generation server.
d.    Checked “Include the default Global Address Lists” option. As shown below:
e.    Click Next and checked “ Enable Web-base distribution” option and “ Enable public folder distribution” option. Click “Add” to select the default OAB virtual directory.
f.     Click “Next”, click “New” and click “Finish” to complete the creating process.

 

2.    Restart related services.

a.    Restart the “Microsoft Exchange System Attendant” service.
b.    Restart “Microsoft Exchange File Distribution” service.

 

3.    Update the new OAB and set it as default.

a.    Right click the new create OAB and click “Update” to update it manually. Waiting 15-30 minutes for the OAB generate finished.
b.    Right click the new OAB and click “set as default”. Click “Yes” to confirm it.

 

4.    Associate the new OAB to all the users’ mailbox databases.

a.    Expand “Server Configuration” ->”Mailbox”. Right click “mailbox database” and select “Properties”.
b.    Click “Client Settings” tab, under “Offline Address Book” option, click “Browse” button to choose the new created OAB. It will associate the new OAB to the mailbox store. Click “OK”. As shown below.
c.    Let problematic users click “Send/Receive” button on their Outlook client to download OAB, check whether the problem is resolved.

Install HPSUM on an rpm base distro

mount /dev/cdrom /mnt

cp /mnt/compaq/psp/linux /tmp/

cd /tmp/linux

./hpsum

- check for the prerequisite, usually you need expect, kernel-headers, rpm-build, gcc, libnl, redhat-rpm-config, openipmi and net-snmp  either form the redhat installation dvd (rpm -Uvh package), or you can use "yum install package" if you have yum repositories configured.

- you need to manually install hp-snmp-agents package from the hp dvd, it is not installed by hpsum (I presume it's a glitch). hp-snmp-agents needs hp-health (you find them both in the /tmp/linux directory that you just copied from the dvd)

- re-run ./hpsum untill you have no conflicts/unresolved dependecies!

- after installation and reboot run /sbin/hpsnmpconfig - you have to provide only the readonly (public) and the read/write (private) comunity for snmp.

- if everything seems ok, edit /opt/hp/hp-snmp-agents/cma.conf lin 22: trapemail . at the end of the line replace root with your email address - REMEMBER: you need a functional sendmail in order to be able to send emails!

HP Important Note:   The server needs to have 'sudo' installed in order to start or stop the snmp daemon and to send test traps.   'sudo' grants controlled root access to groups or users.   If installed after hp-snmp-agents please run a '/sbin/hpsnmpconfig'. In case of VMware ESX 3.x series, please run '/etc/init.d/hpasm reconfigure' after installation of hpasm.   These buttons will NOT work if 'sudo' is configured to only run when the user is logged into a 'real' tty.   To be able to perform the operations of start, stop, restart of the snmpd daemon, the user must comment out the line 'Defaults requiretty' in the /etc/sudoers file.   See man sudoers for details about the 'requiretty' flag.   If present, this flag will need to be removed from the '/etc/sudoers' configuration file.   The 'send trap' button also requires a tool snmptrap to be present on the system.   This tool is often bundled with the snmp stack (Suse) or in a package called 'net-snmp-util' (Red Hat).

10

Already 10. Looks like yesterday to me :)

Authentify linux users to a windows 2012 R2 domain controller

As root type:
rpm –Uvh  samba-winbind samba-winbind-clients pam_krb5 krb5-libs

Then:
authconfig --enablekrb5 --krb5kdc=2k12srv.domain.local --krb5adminserver=2k12srv.domain.local --krb5realm=DOMAIN.LOCAL --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=DOMAIN.LOCAL --smbservers=2k12srv.domain.local --smbworkgroup=DOMAIN --winbindtemplatehomedir=/home/%U --winbindtemplateshell=/bin/bash --enablemkhomedir --enablewinbindusedefaultdomain –update && net ads join -U administrator -D DOMAIN

vi smb.conf
[global]
   workgroup = DOMAIN
   password server = 2k12srv.domain.local
   realm = DOMAIN.LOCAL
   security = ads
   idmap config * : range = 16777216-33554431
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = true

Restart and enable winbind:
chkconfig winbind on
service winbind restart

-----------------------------------------------------------------------------------------------------------------------------






The old way, for a 2008 Server was:
rpm -Uvh samba-winbind-clients samba-winbind samba-client

service winbind start
chkconfig winbind on

authconfig --enablewinbind --enablewinbindauth --enablelocauthorize --enablemkhomedir --updateall

vi smb.conf:
# Any modification may be deleted or altered by authconfig in future
   workgroup = DOMAIN
   password server = 2008dc 2008R2dc
   realm = DOMAIN.LOCAL
   security = ads
   idmap config * : range = 16777216-33554431
   template homedir = /home/%D/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = true
#--authconfig--end-line--

vi /etc/openldap/ldap.conf:
TLS_CACERTDIR   /etc/openldap/cacerts
SASL_NOCANON    on

cp shared_DOMAIN_cert.cer /etc/openldap/cacerts/
cacertdir_rehash /etc/openldap/cacerts/

net join -w DOMAIN -S 2008dc.domain.tld -U Administrator
systemctl restart winbind.service

In order to allow certain AD Groups to login:
vi /etc/login.group.allowed
A_CERTAIN_AD_GROUP

vi /etc/pam.d/sshd
auth       required     pam_listfile.so item=group sense=allow onerr=fail file=/etc/login.group.allowed

vi /etc/pam.d/login
auth       required     pam_listfile.so item=group sense=allow onerr=fail file=/etc/login.group.allowed

cd /home
mkdir DOMAIN

Map remote printer

map a local printer to TS session when "bring local printers to TS" fails miserably and start the App only after the printer is available

@echo off
setlocal enableextensions enabledelayedexpansion
set result=0
ser printer=oj100
Title Adding Printer. Be patient...
echo Adding printer. Do not start App yet...
ping -n 2 1.1.1.1 >nul 2>nul
taskkill /fi "username eq %username%" /im app.exe 2>nul
%userprofile%\delprint.vbs
ping -n 2 1.1.1.1 >nul 2>nul
echo Please wait. Starting Installation...
echo ..
for /F "tokens=2 delims=/: " %%f in ('%userprofile%\gettscip.exe') do (
echo Your IP is: %%f
:loop
net use \\%%f\ipc$ /d /y >nul 2>nul
ping -n 1 1.1.1.1 >nul 2>nul
net use \\%%f\ipc$ && set result=1
echo Result: !result!
if not !result! equ 1 goto :loop
Echo Add printer. This is going to take up to 5 minutes, be patient...
rundll32 printui.dll,PrintUIEntry /in /n "\\%%f\!printer!" /u /q /Gw
echo Setting default printer...
echo.
rundll32 printui.dll,PrintUIEntry /y /n  "\\%%f\!printer!" /q
echo.
)
Echo Starting App...
ping -n 3 1.1.1.1 >nul 2>nul
taskkill /fi "username eq %username%" /im app.exe >nul 2>nul
endlocal
C:\Users\Public\Desktop\App.lnk

DNS Adbock on router

In case you have, like me, a secodary dns on your DD-WRT router, you need a dns adblock on it too. By modifying the excellent tutorial from http://www.howtogeek.com/51477/how-to-remove-advertisements-with-pixelserv-on-dd-wrt/ I came to this script:

#!/bin/sh
########Functions setup#########################
logger_ads()
{
logger -s -p local0.notice -t ad_blocker $1
}

softlink_func()
{
ln -s /tmp/$1 /jffs/dns/$2
if [ "`echo $?`" -eq 0 ] ; then
logger_ads "Created $3 softlink to RAM on JFFS"
else
logger_ads "The attempt to create $3 softlink to RAM on JFFS *FAILED*"
logger_ads "it is obvious something IS *terribly wrong*. Will now exit... bye (ads will not be blocked)"
exit 1
fi
}

note_no_space()
{
logger_ads "I assure you this only takes $1 blocks, but I guess your too close to the edge for JFFSs comfort"
logger_ads "deleting the half witted file, as to not confuse the DNS service and free up the JFFS space for other uses."
}
##################################################
nvram set aviad_changed_nvram=0
logger_ads "########### Ads blocker script starting ###########"

if [[ -z "$1" ]]; then
logger_ads "Sleeping for 30 secs to give time for router boot"
sleep 30
else
logger_ads "override switch given"
[[ $1 = "-h" || $1 = "/?" ]] && echo "use -m to override the 30 seconds delay and -f to force a list refresh" && exit 0
[ $1 = "-f" ] && rm /jffs/dns/dnsmasq.adblock.conf && rm /jffs/dns/dlhosts
fi

while ! ping www.google.com -c 1 > /dev/null ; do
logger_ads "waiting for the internet connection to come up"
sleep 5
done

logger_ads "Adding a refresh cycle by puting the script in cron if it isnt there yet"
if [[ -z "`cat /tmp/crontab | grep "/jffs/dns/disable_adds.sh"`" ]] ; then
echo '0 0 * * * root /jffs/dns/disable_adds.sh -m' > /tmp/crontab
stopservice cron && logger_ads "stopped the cron service" startservice cron && logger_ads "started the cron service"
else
logger_ads "The script is already in cron"
fi

logger_ads "New IP and ports setup. Reserve the IP .100 for pixelserv"
pixel="`ifconfig br0 | grep inet | awk '{ print $2 }' | awk -F ":" '{ print $2 }' | cut -d . -f 1,2,3`.100"
mgmtip="`ifconfig br0 | grep inet | awk '{ print $2 }' | awk -F ":" '{ print $2 }'`"

# In my case, on IP .100 I have an apache serving null.html as error page. Comment
next 3 paragraphs, as I don't need pixelserv
#logger_ads "Move http interface to $mgmtip:88"
#if [[ -z "`ps | grep -v grep | grep "httpd -p 88"`" && `nvram get http_lanport` -ne 88 ]]
; then
# logger_ads "it seems that the http is not setup yet on port :88"
# stopservice httpd
# nvram set http_lanport=88
# nvram set aviad_changed_nvram=1
# startservice httpd
#else
# logger_ads "The http is already setup on $mgmtip:88"
#fi

#logger_ads "Redirect setup IP/Port from $mgmtip:80 to $mgmtip:88"
#[[ -z "`iptables -L -n -t nat | grep $mgmtip | grep 80`" ]] && logger_ads "did NOT find an active redirect rule with the iptable command, injecting it now." && /usr/sbin/iptables -t nat -I PREROUTING 1 -d $mgmtip -p tcp --dport 80 -j DNAT --to $mgmtip:88
#nvram get rc_firewall > /tmp/fw.tmp
#if [[ -z "`cat /tmp/fw.tmp | grep "/usr/sbin/iptables -t nat -I PREROUTING 1 -d $mgmtip  p tcp --dport 80 -j DNAT --to $mgmtip:88"`" ]] ; then
# echo "/usr/sbin/iptables -t nat -I PREROUTING 1 -d $mgmtip -p tcp --dport 80 -j DNAT --to $mgmtip:88" >> /tmp/fw.tmp
# nvram set rc_firewall="`cat /tmp/fw.tmp`"
# logger_ads "DONE appending forwarding to FW script"
# nvram set aviad_changed_nvram=1
#else
# logger_ads "The redirection $mgmtip:80 -> $mgmtip:88 in FW script is already in place"
#fi
#rm /tmp/fw.tmp

#logger_ads "Starting or ReSpawning pixelsrv on $pixel IP :80"
#/sbin/ifconfig br0:1 $pixel netmask "`ifconfig br0 | grep inet | awk '{ print $4 }' | awk -F ":" '{ print $2 }'`" broadcast "`ifconfig br0 | grep inet | awk '{ print $3 }' | awk -F ":" '{print $2 }'`" up
#if [[ -n "`ps | grep -v grep | grep /jffs/dns/pixelserv`" ]]; then
# logger_ads "the pixelserv is already up"
#else
# logger_ads "it seems that the pixelserv isnt up. starting it now"# /jffs/dns/pixelserv $pixel -p 80
#fi

logger_ads "Get the online dns blocking lists"
[ ! -e /jffs/dns/whitelist ] && echo google-analytics > /jffs/dns/whitelist && echo toma.guru >> /jffs/dns/whitelist
if [[ -n "$(find /jffs/dns/dlhosts -mtime +7)" || -n "$(find /jffs/dns/dnsmasq.adblock.conf mtime +7)" || ! -e /jffs/dns/dlhosts || ! -e /jffs/dns/dnsmasq.adblock.conf ]]; then
logger_ads "The lists are NOT setup at all yet, or more then 7 days old, will now retrieve them from the web"
logger_ads "Retrieving the MVPS hosts list..."
wget -q -O - http://www.mvps.org/winhelp2002/hosts.txt | grep "^127.0.0.1"
| grep -v localhost | tr -d '\015' >/tmp/dlhosts.tmp
logger_ads "adjusting the MVPS hosts list for our use"
cat /jffs/dns/whitelist | while read line; do sed -i /${line}/d /tmp/dlhosts.tmp
; done
sed -i s/127.0.0.1/$pixel/g /tmp/dlhosts.tmp
logger_ads "done adjusting the MVPS hosts list."
logger_ads "Retrieving the Yoyo domain list..."
wget -q
"http://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mietype=plaintext" -O /tmp/adblock.tmp
logger_ads "adjusting the Yoyo domain list for our use"
cat /jffs/dns/whitelist | while read line; do sed -i /${line}/d /tmp/adblock.tmp
; done
sed -i s/127.0.0.1/$pixel/g /tmp/adblock.tmp
if [ "`df| grep /jffs | awk '{ print $4 }'`" -ge 65 ] ; then
logger_ads "Moving the Yoyo list to JFFS (as it looks that there is enough space for it)"
mv /tmp/adblock.tmp /jffs/dns/dnsmasq.adblock.conf
if [ "`echo $?`" -eq 0 ] ; then
logger_ads "Moving the YoYo domain list to JFFS operation was successful"
else
note_no_space 20
rm /jffs/dns/dnsmasq.adblock.conf
softlink_func adblock.tmp dnsmasq.adblock.conf YoYo
fi
else
logger_ads "*NOT* Moving the Yoyo list to JFFS (as it looks that there is *NOT* enough space for it)"
softlink_func adblock.tmp dnsmasq.adblock.conf YoYo
fi
if [ "`df| grep /jffs | awk '{ print $4 }'`" -ge 100 ] ; then
logger_ads "Moving the MVPS hosts list to JFFS (as it looks like there is enough space for it)"
mv /tmp/dlhosts.tmp /jffs/dns/dlhosts
if [ "`echo $?`" -eq 0 ] ; then
logger_ads "Moving the MVPS hosts list to JFFSoperation was successful"
else
note_no_space 72
rm /jffs/dns/dlhosts
softlink_func dlhosts.tmp dlhosts MVPS
fi
else
logger_ads "*NOT* Moving the MVPS list to JFFS (as it looks that there is *NOT* enough space for it)"
softlink_func dlhosts.tmp dlhosts MVPS
fi
else
logger_ads "The lists are less then 7 days old, saving on flash erosion and NOT refreshing them."
fi

logger_ads "Injecting the DNSMasq nvram options with the dynamic block lists"
nvram get dnsmasq_options > /tmp/dns-options.tmp
if [[ -z "`cat /tmp/dns-options.tmp | grep "/jffs/dns/dnsmasq.adblock.conf"`" || -z "`cat /tmp/dns-options.tmp | grep "/jffs/dns/dlhosts"`" && -e /jffs/dns/dnsmasq.adblock.conf ]] ; then
logger_ads "Did not find DNSMsaq options in nvram, adding them now"
echo "conf-file=/jffs/dns/dnsmasq.adblock.conf" >> /tmp/dns-options.tmp
echo "addn-hosts=/jffs/dns/dlhosts" >> /tmp/dns-options.tmp
nvram set aviad_changed_nvram=1
logger_ads "Added options to nvram DNSMasq options"
else
logger_ads "The DNSMaq options are already in place"
fi

logger_ads "Checking if the personal list is a file"
if [[ -z "`cat /tmp/dnsmasq.conf | grep conf-file=/jffs/dns/personal-ads-list.conf`" && -z "`nvram get dnsmasq_options | grep "/jffs/dns/personal-ads-list.conf"`" && -e /jffs/dns/personal-ads-list.conf ]] ; then
logger_ads "Yes the personal list is in the form of a file"
logger_ads "Removing whitelist from the personal file"
cat /jffs/dns/whitelist | while read line; do sed -i /${line}/d /jffs/dns/personal ads-list.conf ; done
echo "conf-file=/jffs/dns/personal-ads-list.conf" >> /tmp/dns-options.tmp
nvram set aviad_changed_nvram=1
else
[ ! -e /jffs/dns/personal-ads-list.conf ] && logger_ads "The personal list (assuming there is one) is not in a file"
[ -n "`nvram get dnsmasq_options | grep "/jffs/dns/personal-ads-list.conf"`" ] && logger_ads "The personal list is a file, and... it is already in place according to the NVRAM options readout"
[ "$1" = "-f" ] && cat /jffs/dns/whitelist | while read line; do sed -i /${line}/d /jffs/dns/personal-ads-list.conf ; done && logger_ads "overide switch given so removed whitelist from personal file"
fi
logger_ads "Final settings implementer"
if [ "`nvram get aviad_changed_nvram`" -eq 1 ] ; then
nvram set dnsmasq_options="`cat /tmp/dns-options.tmp`"
logger_ads "Found that NVRAM was changed and committing changes
now"
nvram commit
nvram set aviad_changed_nvram=0
logger_ads "Refreshing DNS settings"
stopservice dnsmasq && logger_ads "stopped the dnsmasq service"
startservice dnsmasq && logger_ads "started the dnsmasq service"
else
logger_ads "Nothing to commit"
fi
rm /tmp/dns-options.tmp
logger_ads "######### Ads blocker script has finished and you should be up and running ##########

Using Intel AMT’s embedded VNC server

Intel Chipsets with vPro/Intel AMT, paired with a Core i5/i7 or Xeon with integrated graphics, have a feature called Remote KVM.

To activate it, press Ctrl-P at the BIOS - this brings you to the MEBx menu, set a password (minimum 8 characters, mixed case, numbers and special characters are enforced - try to avoid #@$% - use star or exclamation), configure the network settings (DHCP, or static - it can even match the OS’s IP address!), enable Remote KVM and disable User Opt-In.

in order to set it up, download the Intel AMT SDK from http://software.intel.com/en-us/articles/download-the-latest-intel-amt-software-development-kit-sdk/ extract the ZIP and open ./Windows/Intel_AMT/Bin/KVM/KVMControlApplication.exe. (I had to install .net 2.0 in my wine in order to be able to run it.)
There, you can enable KVM by clicking "Edit Machine Settings" as seen in the following screenshot:

KVM Status can either be set to
-“redirection ports” (meaning it will only be accessible to clients that specifically support Intel AMT, such as RealVNC Viewer Plus or Intel’s KVM Console, the former of which costs $100, the later constantly overlays a RealVNC logo on the screen), or to
-“default port” (meaning it will be accessible on TCP port 5900 with any VNC client), or to
-“all ports” (which is the combination of both).
If you enable VNC access, you will also need to set an RFB Password. Warning, the password gets truncated at 8 characters but     at the same time has the security requirements identical to the general AMT password (Capital, small letter, number and special-character - WARNING: underscore is not special char, @$%&| are NOT allowed, choose star or exclamation to play safe).
If you disabled User Opt-In in the MEBx menu, you can disable it here as well.

Now you can use almost any VNC client you like (KRDC, Real, Ultra, and Tight VNC works fine, while TigerVNC seems to be unable to auth, and Apple Remote Desktop appears to cause the VNC server to freeze - it's Apple crap, what do you expect?).

Two things worth mentioning:
1: the initial BIOS splash screen is not visible during a KVM connection (not even on a directly-attached screen), so to get to the BIOS, you needed to blindly hit the F10.
2: it is not possible to enter the MEBx menu during a KVM connection (probably for security reasons), if you hit the corresponding CTRL+P key, it immediately exits and continues normal boot; if you establish a KVM connection while already in MEBx, you get disconnected immediately.

 If you’re building a home server, you should definitely consider getting system with Intel vPro/AMT 6.0 or later, you get ILO-like remote management capabilities for free.

Oh yeah, http://your_machine:16992 gives you access to logs, power control, network setup, users, exactly the same way ILO does!

And of course the OS has no idea something is running below him, there is no CPU load, on the host netstat shows no other connections except my ssh:
 tcp        0      0 192.168.aaa.xxx:22          192.168.aaa.yyy:49506       ESTABLISHED 2314/sshd

while from my workstation we can see a second connection to the VNC port 5900:
tcp        0      0 192.168.aaa.yyy:49506       192.168.aaa.xxx:22          ESTABLISHED 13362/ssh   
tcp        0      0 192.168.aaa.yyy:43311       192.168.aaa.xxx:5900        ESTABLISHED 29457/krdc

 Note the black blinking monitors in the upper-right corner - that screams "AMT":

Error 512 - rear chassis fan not detected on a Small Form Factor

as per hp site:
"Although the HP Compaq 8200 Elite Small Form Factor PC has no rear chassis fan installed, this error message may arise when the front panel cable assembly was damaged after a system repair attempt.
In a HP Compaq 8200 Elite Small Form Factor PC, Pin10 on the front panel cable connector is used to tell the system BIOS, that the chassis is a Desktop model, not Microtower model. This is necessary because the system board is also used in HP Compaq 8200 Elite Microtower PC, which has a rear chassis fan installed. Pin10 is not connected there.
If the cable on Pin10 of the connector in a HP Compaq 8200 Elite Small Form Factor PC was damaged accidently and therefore has no connection to the system board, the BIOS assumes that it is a Microtower model and therefore checks for a rear chassis fan."

There is a problem with the front panel connector:

Let's remove it and look, the pin 10 is not connected while pin 5 (usually unused) it is:

We just need to remove the plug from pin 5 and move it to pin10:

Finally the ground is moved from pin 5 to pin 10: