Wednesday, October 31, 2012

Windows password

For local accounts


A very handy utility for removing forgotten passwords


For a DOMAIN

(I have not tested this)
It comes down to replacing utilman.exe with cmd.exe
move D:\windows\system32\utilman.exe D:\windows\system32\utilman.bak
copy D:\windows\system32\cmd.exe D:\windows\system32\utilman.exe 

The second method: via starting a service
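
A defender-side check for the utilman.exe replacement described above, as an added example that is not part of the original post. The function name Test-UtilmanReplaced and its -WindowsRoot parameter are assumptions made for this example.

```powershell
# Added example (not from the original post).
# Test-UtilmanReplaced and -WindowsRoot are names chosen for this example.
# -WindowsRoot: C:\Windows on a running system, or the Windows directory of a
# volume mounted offline (the commands above use D:\windows).
function Test-UtilmanReplaced {
    param([string]$WindowsRoot = $env:SystemRoot)

    $sys32   = Join-Path $WindowsRoot 'System32'
    $utilman = Join-Path $sys32 'utilman.exe'
    $cmd     = Join-Path $sys32 'cmd.exe'
    $backup  = Join-Path $sys32 'utilman.bak'   # left behind by the move above

    foreach ($p in $utilman, $cmd) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            throw "Required file not found: $p"
        }
    }

    # Byte-for-byte match: utilman.exe is literally a copy of this cmd.exe.
    $utilmanHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
    $cmdHash     = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
    $sameHash    = $utilmanHash -eq $cmdHash

    # Version resource match: catches a cmd.exe copied from another build,
    # where the hashes differ but the embedded original file name is the same.
    $utilmanName = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
    $cmdName     = (Get-Item -LiteralPath $cmd).VersionInfo.OriginalFilename
    $sameName    = [bool]$utilmanName -and ($utilmanName -eq $cmdName)

    [pscustomobject]@{
        Path             = $utilman
        SHA256           = $utilmanHash
        SameHashAsCmd    = $sameHash
        SameOriginalName = $sameName
        BackupPresent    = Test-Path -LiteralPath $backup
        LastWriteTimeUtc = (Get-Item -LiteralPath $utilman).LastWriteTimeUtc
        Replaced         = $sameHash -or $sameName
    }
}

Test-UtilmanReplaced | Format-List
```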

Monday, October 29, 2012

Bacula Centos

Installation from rpm: http://repos.fedorapeople.org/repos/slaanesh/bacula

To install the repository, run as root the following commands.

For RHEL/Centos:

wget http://repos.fedorapeople.org/repos/slaanesh/bacula/epel-bacula.repo \
 -O /etc/yum.repos.d/epel-bacula.repo

For Fedora:

wget http://repos.fedorapeople.org/repos/slaanesh/bacula/fedora-bacula.repo \
        -O /etc/yum.repos.d/fedora-bacula.repo 
 
 
 
-------------------------------------------------------------- 
mysql on a separate server
 
yum install mysql-server
 
service mysqld start 

/usr/bin/mysql_secure_installation
 
mysql -u root -p 



GRANT ALL PRIVILEGES ON *.* TO 'my_user'@'localhost'
 IDENTIFIED BY 'my_password' WITH GRANT OPTION;
 
select user,host,password from mysql.user; 

# set root password
set password for root@localhost=password('password');
set password for root@'127.0.0.1'=password('password');
set password for root@'www.server.world'=password('password');

# delete anonymous user
delete from mysql.user where user='';
 
 
-------------------------------------------------------------- 
on the bacula host
 
yum install bacula-director 
yum install bacula-storage 
yum install bacula-console 
 
[root@bacula bacula]# alternatives --config libbaccats.so

There are 3 programs which provide 'libbaccats.so'.

  Selection    Command
-----------------------------------------------
   1           /usr/lib64/libbaccats-mysql.so
   2           /usr/lib64/libbaccats-sqlite3.so
*+ 3           /usr/lib64/libbaccats-postgresql.so

Enter to keep the current selection[+], or type selection number: 1
 
cd /usr/libexec/bacula 
./create_mysql_database -h bcatalog.domain.ru -u root -p
./make_mysql_tables -h bcatalog.domain.ru -u root -p
./grant_mysql_privileges -h bcatalog.domain.ru -u root -p 
 
Set a password for the bacula user


Example FileSet for Windows

FileSet {
  Name = "windows-n2229-doc"
  Include {
# wildcards are only interpreted inside Options, not in an Exclude file list,
# so the unwanted file types are excluded with wildfile + exclude = yes
    Options {
      Ignore Case = yes
      wildfile = "*.mp3"
      wildfile = "*.avi"
      wildfile = "*.wmv"
      wildfile = "*.tmp"
      exclude = yes
    }
    Options {
      signature = MD5
      Compression = GZIP
      Ignore Case = yes
    }
    File = "D:/Книги"
    File = "D:/vbs"
# note the double backslash and the quotes! - apparently for old versions
#    File = "D:\\Книги"
#    File = "D:\\vbs"
#    File = "D:\\Public\\tex\\Maps"
#    File = "D:\\Public\\Отдел\ продаж1"
  }
}
 
 
 
---------------------------------------------
Very well explained
#
# for each Linux client (ИмяКлиента is a placeholder for the client name)
#
FileSet {
  Name = ИмяКлиента
# do not run a full backup after the file list changes
# Ignore FileSet Changes = Yes
  Include {
    Options {
      compression = GZIP
      signature = SHA1
      onefs = yes
      aclsupport = yes
      noatime = yes
      checkfilechanges = yes
    }
    File = /
# each file system separately
    ...
  }
  Exclude {
    File = /proc
    File = /sys
    File = /net
    File = /media
# for devfs
#    File = /dev
# for everything else
    File = /dev/pts
    File = /dev/shm
    File = /tmp
    File = /var/cache/yum
    File = /.journal
    File = /.fsck
    File = /var/lib/nfs/rpc_pipefs
    File = /.autofsck
    File = /selinux
    File = /var/named/chroot/proc
    File = ...
  }
}
#
# for each MS Windows XP/2003 client
#
FileSet {
  Name = ИмяКлиента
# do not run a full backup after the file list changes
# Ignore FileSet Changes = Yes
  Enable VSS = Yes
  Include {
    Options {
      compression = GZIP
      signature = SHA1
      onefs = yes
      portable = no
      noatime = yes
      checkfilechanges = yes
      Ignore Case = yes
      wildfile = "*.avi"
      wildfile = "*.wmv"
      wildfile = "*.mp3"
      wildfile = "pagefile.sys"
      wildfile = "hiberfil.sys"
      wilddir = "System Volume Information"
      wilddir = "TEMP"
      wild = ...
      exclude = yes
    }
    File = "e:/"
# each drive separately
    ...
  }
} 
------------
 
# long-term retention for servers, with the ability to restore
# the state for any day within a week, any Sunday within a month,
# and the first Sunday within a year
#   on the night of the first Sunday of the month - full backup to volumes of pool ИмяКлиента-monthly
#   on the other Sundays - full backup to volumes of pool ИмяКлиента-weekly
#   on the other days - incremental backup to volumes of pool ИмяКлиента-daily
Schedule {
  Name = "ИмяКлиента-year"
  Run = Level=Full Pool=ИмяКлиента-monthly 1st sun at 00:05
  Run = Level=Full Pool=ИмяКлиента-weekly 2nd-5th sun at 00:05
  Run = Level=Incremental Pool=ИмяКлиента-daily mon-sat at 00:05
}
# medium-term retention for servers, with the ability to restore
# the state for any day within a week and any Sunday within a month
#   on Sunday night - full backup to volumes of pool ИмяКлиента-weekly
#   on the other days - incremental backup to volumes of pool ИмяКлиента-daily
Schedule {
  Name = "ИмяКлиента-year"
  Run = Level=Full Pool=ИмяКлиента-weekly sun at 00:05
  Run = Level=Incremental Pool=ИмяКлиента-daily mon-sat at 00:05
} 
 
 
For restores
the configuration file must contain at least one restore job

For restores it is convenient to use Strip Prefix and Add Prefix

Example in a Windows environment; in this case Where = <directory> is ignored,
at least in bat this field becomes unavailable
Strip Prefix = <directory>
This directive applies only to a Restore job and specifies a prefix to remove from the directory name of all files being restored. This will use the File Relocation feature implemented in Bacula 2.1.8 or later. Using Strip Prefix=/etc, /etc/passwd will be restored to /passwd
Under Windows, if you want to restore c:/files to d:/files, you can use :
 Strip Prefix = c:
 Add Prefix = d:
--------------
Now let's move on to the restore itself. On the server, start bconsole, choose restore and specify the corresponding job to restore.
At the file selection stage several commands are available; I will describe the most useful ones:
help - help
find - search for a file
ls, dir - list the files in the current directory (directories with subdirectories are shown with "+")
cd - change directory
mark file - mark a file in the current location
mark dir/ - mark a single directory in the current location
mark * - mark all files and directories inside the current directory. By the way, TAB works here too
lsmark - view the marked files
pwd - show the current directory
estimate - calculate the size of the files to be restored
done - finish marking
So the general scheme is: use find to locate what you need, then cd to the right directory and mark what you need.
Important note:
bacula is case-sensitive, regardless of the fact that the client is a Windows machine.

Friday, October 26, 2012

Install VMware Tools on Red Hat Enterprise/CentOS/Scientific Linux 6

Attach the vmware-tools disc

mount /dev/cdrom /mnt
extract the tar into /tmp

Detach the vmware-tools disc

and run
./vmware-install.pl


then press Enter (several times)

Done

If the system already has the vmxnet3, pvscsi and vmmemctl drivers, they are not replaced with the new ones by default. In that case, run the configurator with these parameters

vmware-config-tools.pl --clobber-kernel-modules=vmxnet3,pvscsi,vmmemctl

Detach the vmware-tools disc


To check that the VM-TOOLS drivers are loaded, see here



Minimize virtual machine restarts or manual driver reloads

To minimize the number of virtual machine restarts, on each virtual machine check whether both the modules are actually configured and the corresponding virtual hardware is present. If these conditions are satisfied, you must restart the virtual machine.
  • To check whether the VMXNET, VMXNET3, and PVSCSI modules are configured by VMware Tools, run the following commands from the virtual machine console:
    grep VMXNET_CONFED /etc/vmware-tools/locations | tail -1
    grep VMXNET3_CONFED /etc/vmware-tools/locations | tail -1
    grep PVSCSI_CONFED /etc/vmware-tools/locations | tail -1

    If the output contains yes for the adapter type, VMware Tools has configured the module.
  • To check whether the virtual hardware is available, from the virtual machine console run the lspci -n command and examine the output for the following IDs:
    15ad:0720 for VMXNET
    15ad:07b0 for VMXNET3
    15ad:07c0 for PVSCSI
You must restart the virtual machine or reload the driver module if the output of the grep driver_CONFED /etc/vmware-tools/locations command contains yes and the output of the lspci -n command shows that the corresponding virtual hardware is available.
To see information about the adapter driver including its version, run the ethtool -i ethX command on the virtual machine, where X in ethX stands for the sequence number of the network adapter in the virtual machine.

Reload the VMXNET or VMXNET3 driver manually

To reload the VMXNET or VMXNET3 driver propagating its upgrade to the kernel, perform the following steps from the virtual machine console:
  1. Stop virtual machine networking.
    /etc/init.d/network stop
    
  2. Reload the driver module by running rmmod and modprobe. For example, for the VMXNET3 driver run the following commands:
    rmmod vmxnet3
    modprobe vmxnet3
  3. Start virtual machine networking.
    /etc/init.d/network start

    ! Perform the restart from the vSphere Client or vSphere Web Client. !
    ! If done over ssh, the network drops and the connection is lost.    !

Thursday, October 25, 2012

SDIDIAG


TID-10086669 Using SDIDiag - Switches and Options ( 23SEP2005)

SECURITY DOMAIN SERVER MANAGEMENT
Name                               Command               Shortcut Command
Add All Write Partition Servers    ADDPARTITIONSERVERS   AP
Add Domain Server                  ADD                   AS
List Domain Server                 LISTSERVERS           LS
Remove Domain Server               REMOVE                RS
Sync Domain Server                 SYNCDOMAIN            SD

SERVER MANAGEMENT
Name                               Command               Shortcut Command
Find Servers in Container          FINDSERVERS           FS
List Server Keys                   LISTKEYS              LK
Resync Keys for Container          RESYNC                RD
Sync Server Keys from Domain       SYNCSERVER            SS

DIAGNOSTIC
Name                               Command               Shortcut Command
Check Key or Domain Problems       CHECK                 CK

OTHER COMMANDS
Name                               Command               Shortcut Command
Help on most used commands         HELP                  HE
Exit SDIDiag                       EXIT or QUIT          E or I

SWITCHES
>                Redirect output to a file using the '>' redirection switch.
>>               Append output to an existing file.
-A               Access servers regardless of their eDirectory or NICI versions. By default SDIDiag Version 2.00 Thursday, May 22, 2003, references only servers running eDirectory version 8.7.1 or higher.
                 NOTE: It is strongly recommended that all servers be running a minimum of NICI 2.4.2 or higher.
-F               Force operation. Depending on the command, the -F switch removes any Security Domain Servers that do not hold a writeable replica of the W0.KAP.Security object.
-G               Generate a new key. When used with the SD command, all Security Domain Servers will be synchronized to hold this new key.
-I file          Specify an input file of server names to access. This switch specifies a file that holds a list of serverDNs for the command to process. In most cases, the objects are fully qualified dot delimited distinguished names with one server per line. Normally the -O file switch creates this file.
-N containerDN   Specifies, with a fully qualified dot delimited distinguished name, a container that the command will reference.
-O file          Create an output file of server names. This switch defines a file to hold output information that may be passed to a command via the -I file switch. Normally, the -O file switch will contain a fully qualified dot delimited distinguished name list of servers.
-R               Revoke all keys. The -R switch will implicitly perform a -G switch operation after revoking all the keys.
-S serverDN      Specifies, with a fully qualified dot delimited distinguished name, a server name.
                 NOTE: serverDN includes the tree name, for example: -S SERVERA.NOVELL.TEST-TREE
-T               Two pass "Comprehensive" switch for the RD command.
-U file          Create a file of servers with incompatible NICI SDI support. The -U switch creates a file that contains the fully qualified dot delimited distinguished names of servers on which NICI must be upgraded to fully support multiple SDI keys. Server names are not displayed when this switch is omitted.
-V               Verbose, display all messages to SDIDiag console.
-X               Limit the search for servers to the container specified with the -n containerDN switch.

EXAMPLES OF SDIDiag COMMANDS

SECURITY DOMAIN MANAGEMENT
AS [-A] [-V] [-S serverDN]  [> file | >> file]
Add server -S serverDN as a Security Domain Server.
Another way to do this is to open Console One and go to the W0 object in the Security Container. Select the "Other" tab on the W0 object and add an additional server as an attribute value to the "NDSPKI:SD Key Server DN" attribute.
LK [-A] [-V] [-S serverDN]  [> file | >> file]
List keys held by the Security Domain Servers.
All servers which are listed under the "NDSPKI:SD Key Server DN" attribute on the other tab of the W0 object will be displayed with their associated SD Keys.
LS [-A] [-V] [-S serverDN]  [> file | >> file]
List the current Security Domain Servers.
Another way to gather this information is to open Console One and go to the W0 object in the Security Container. Select the "Other" tab on the W0 object and view the values of the "NDSPKI:SD Key Server DN" attribute.
RS [-A] [-V] [-S serverDN]  [> file | >> file]
Remove server -S serverDN as a Security Domain Server.
This can also be done through Console One by going to the W0 object in the Security Container. Select the "Other" tab on the W0 object and delete a server shown as an attribute value of the "NDSPKI:SD Key Server DN" attribute.
AP [-A] [-V] [-F] [> file | >> file]
Add any server hosting a writeable replica of the .W0.KAP.Security.Tree-Name object as a Security Domain Server.
If the -F switch is given, additionally remove any servers that do not hold a writeable replica.
SD [-A] [-V] [-R] [-G] [-S serverDN] [> file | >> file]
Synchronize the Security Domain Servers. The optional -R switch revokes all existing keys and generates a new SD key for use within the tree. The optional -G switch generates a new SD key.

NOTE: If either the -R or -G switches are used, then the RD command may need to be used to resynchronize the new keys to the other servers in the tree.
Revoked keys are retained and used to access any existing items, however, they are not used to manage new keys.
SERVER MANAGEMENT
FS [-N containerDN] [-X] [-O file] [-U file]
Find all servers starting with the -N containerDN and all sub-containers unless the -X switch is given, in which case, limit the search to the -N containerDN only. Output all eDirectory 8.7.1 or higher servers to a file using the -O file, while all other servers that are listed are output to the -U file. The -O file may be used as an input to any commands that support the -I file switch.
LK [-A] [-V] [-S serverDN ] [> file | >> file]
List keys held by -s serverDN.
Example of using LK is:
SDIDIAG> LK -A -S .servername.org.tree_name
RD [-A] [-V] [-T] [-N containerDN] [> file | >> file]
Resynchronize the Security Domain Servers with other servers in the tree.
If the -T switch is given, RD or RESYNC, performs a two pass operation by first ensuring that the Security Domain Servers have a copy of all keys on all referenced servers.
Secondly, RD resynchronizes all servers with the updated Security Domain Servers.
If the -N switch is omitted, RD attempts to resync all servers within the tree; whereas when the -N containerDN switch is provided, RD only resynchronizes the Security Domain with all servers holding writeable replicas of the specified containerDN partition. If 1460 errors persist, then a full RESYNC may be attempted, which may take a considerable time as every server will need to be contacted.
Examples of using RD are:
SDIDIAG> RD -T -n .orgUnit.org.tree_name.
SS [-A] [-V] [-R] [-S serverDN] [-I file] [-N containerDN]
Synchronize all keys on the specified -S serverDN, the servers listed in the -I file, or the servers hosting a writeable replica of the -N containerDN with the Security Domain Servers. The -R switch may optionally be given to revoke all the existing keys on the server before synchronizing with the Security Domain Servers.
Example of using SS is:
SDIDIAG> SS -A -R -S .servername.org.tree_name
DIAGNOSTIC
CK [-A] [-V] [-N containerDN] [> file | >> file]
Check and display possible problems and display recommendations for the Security Domain Servers. If the -N containerDN is provided, also check the servers hosting a writeable replica of the -N containerDN object for possible problems and provide recommendations.
Examples of using CK are:
SDIDIAG> CK
SDIDIAG> CK -N .orgUnit.org.tree-name
SDIDIAG> CK -A -N .orgUnit.org.tree-name >> SYS:\TEMP\OUTPUT.TXT






Friday, October 19, 2012

Install Nw65sp8

eDir 8.7 (instead of eDir 8.8) for a new server installation

If you need to install a new server with eDir 8.7, then boot from the NW65SP8 Overlay CDs or DVD. When prompted to press any key to interrupt the boot process, do so. Press "p" and specify this parameter (including the square brackets):
[INST:spedir]
Press ENTER, then "i" to proceed with the installation as usual. This will give you eDir 8.7.3.10, instead of 8.8.4.
Source

Installing VMware Tools in a NetWare Virtual Machine

1. Power on the virtual machine.
2. Select VM > Install VMware Tools.
The remaining steps take place inside the virtual machine.
3. Load the CD-ROM driver so the CD-ROM device mounts the ISO image as a volume. Do one of the following.
  • In the system console for a NetWare 6.5 virtual machine, type
    LOAD CDDVD
  • In the system console for a NetWare 6.0 or NetWare 5.1 virtual machine, type
    LOAD CD9660.NSS
4. When the driver finishes loading, you can begin installing VMware Tools. In the system console, type
    vmwtools:\setup.ncf
   When the installation finishes, the message VMware Tools for NetWare are now running appears in the Logger Screen (NetWare 6.5 and NetWare 6.0 guests) or the Console Screen (NetWare 5.1 guests).
5. Restart the guest operating system. In the system console, type
    restart server
     

Wednesday, October 17, 2012

Upgrade from Windows Standard to Enterprise Edition

To determine the installed edition, run:

DISM /online /Get-CurrentEdition

To check the possible target editions, run:

DISM /online /Get-TargetEditions

Finally, to initiate an upgrade, run:

DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

So, for example, to upgrade to Windows Server 2008 R2 Datacenter from a downlevel edition, you would run:

DISM /online /Set-Edition:ServerDatacenter /productkey:ABCDE-ABCDE-ABCDE-ABCDE-ABCDE

For some reason it did not work with the officially purchased key, so I took a key from the link below
• Windows Server 2008 R2 Datacenter – 74YFP-3QFB3-KQT8W-PMXWJ-7M648
• Windows Server 2008 R2 Enterprise – 489J6-VHDMP-X63PK-3K798-CPX3Y
The server had not been activated before the upgrade. I entered the new key (the officially purchased one) and activated it.

I used this information

more

Saturday, October 6, 2012

Preventing users from joining PCs to the domain

It turns out that, by default, every user in AD can join computers to the domain. That is, absolutely any AD user can add a personal laptop to the domain without the administrator's knowledge. To block this, only a single attribute needs to be changed.

The number of workstations currently owned by a user is calculated by looking at the ms-DS-CreatorSID attribute of machine accounts.

To modify Active Directory to allow more (or fewer) machine accounts on the domain, use the Adsiedit tool.

WARNING Using Adsiedit incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Adsiedit can be solved. Use Adsiedit at your own risk.
1. Install the Windows Support tools if they have not already been installed. This is necessary only for Windows 2000 and Windows Server 2003. For Windows Server 2008 and Windows Server 2008 R2, Adsiedit is installed automatically when you install the Active Directory Domain Services role.
2. Run Adsiedit.msc as an administrator of the domain. Expand the Domain NC node. This node contains an object that begins with "DC=" and reflects the correct domain name. Right-click this object, and then click Properties.
3. In the Select which properties to view box, click Both. In the Select a property to view box, click ms-DS-MachineAccountQuota.
4. In the Edit Attribute box, type the number of workstations that you want users to be able to maintain concurrently.
5. Click Set, and then click OK.
link
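
The same change made from PowerShell instead of Adsiedit, with an audit of which accounts have already joined machines, as an added example that is not part of the original post. It assumes the ActiveDirectory module (RSAT) is installed; the variable $NewQuota and its value 0 are assumptions chosen here to match the goal of blocking ordinary users.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module (RSAT) and, for the last step, rights to modify the domain object.
Import-Module ActiveDirectory

$NewQuota = 0          # assumed target value: 0 stops ordinary users joining PCs
$domain   = Get-ADDomain

# Step 1: read the current quota from the domain object (the "DC=..." node
# opened in Adsiedit in the steps above).
$current = (Get-ADObject -Identity $domain.DistinguishedName `
                -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
Write-Output "Current ms-DS-MachineAccountQuota: $current"

# Step 2: list machine accounts that carry ms-DS-CreatorSID, the attribute the
# quota is counted from, and resolve each SID to the account that joined it.
$joined = Get-ADComputer -LDAPFilter '(ms-DS-CreatorSID=*)' `
              -Properties 'ms-DS-CreatorSID', 'whenCreated' |
    ForEach-Object {
        $sid = [System.Security.Principal.SecurityIdentifier]$_.'ms-DS-CreatorSID'
        try {
            $creator = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $creator = $sid.Value      # creator account no longer resolves
        }
        [pscustomobject]@{
            Computer = $_.Name
            Creator  = $creator
            Created  = $_.whenCreated
        }
    }

# Per-user totals: who has joined machines, and how many.
$joined | Group-Object -Property Creator |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name

# Step 3: apply the new quota. -WhatIf only previews the change; remove it
# once the list above has been reviewed.
Set-ADDomain -Identity $domain -Replace @{ 'ms-DS-MachineAccountQuota' = $NewQuota } -WhatIf
```

Machines listed in step 2 stay joined after the quota is lowered; the list is the place to look for personal devices that were added without the administrator's knowledge.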