UPWORK/ODESK guru: Tips and Tricks for clients

skype: odesk.by / upwork.link , email: [email protected]/upwork.link

Archive for September, 2010

Использование блочных устройств в Linux через TCP/IP сеть.

without comments

What is NBD?

NBD is a software which enables one computer to provide another computer a direct low-level access to a block device. In other terms it helps share a block device over network.

In some environment the performance of sharing over network is better than NFS.( Sometimes even 10x it is claimed). This is commonly seen in thinclient.
It can export any type of filesystem
Best used as swap over network

NBD has two components. nbd-server and nbd-client.

On debian/ubuntu installation is like this

apt-get install nbd-server
apt-get install nbd-client

nbd-server is required on the server sytem.
nbd-client is required on the client system

On debian/ubuntu you can start relevant services like this

# /etc/init.d/nbd-server start

** (process:4393): WARNING **: Could not parse config file: Could not open config file.
** Message: Nothing to do! Bye!
Do not bother about the Warning. This will be issued if no configuration file present. You can give all required paramaters in command line.
Start the client
#/etc/init.d/nbd-client start
Starting NBD client process: Connecting…Activating…

This generally creates block devices /dev/nbd0 .. nbd10 for later usage.

I will explore nbd usage under following scenario

1.Server and client will be save.

2.Use localhost ( for ip address.

Exercise 1
Create an ext2 filesystem in a file. Mount this as block device. I will use /mnt/exports/nbd-exports as file which will have an ext2 file sytem. You can use other partition also

# mkdir /mnt/exports
use dd to create a file of 10mb

# dd if=/dev/zero of=/mnt/exports/nbd-export bs=1024 count=100000
100000+0 records in
100000+0 records out
102400000 bytes (102 MB) copied, 1.47414 s, 69.5 MB/s

Now create a filesystem in a file

# mke2fs /mnt/exports/nbd-export
mke2fs 1.41.3 (12-Oct-2008)
/mnt/exports/nbd-export is not a block special device.
Proceed anyway? (y,n)

Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
25064 inodes, 100000 blocks
5000 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
13 block groups
8192 blocks per group, 8192 fragments per group
1928 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729

Writing inode tables: 0/13 1/13 2/13 3/13 4/13 5/13 6/13 7/13 8/13 9/13 10/13 11/13 12/13 done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 26 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.


create nbd server
Syntax of nbd-server is
nbd-server ip:portno file -l [permitted host]

So let me start the server

# nbd-server 5000 /mnt/exports/nbd-export
** (process:4441): WARNING **: Could not parse config file: Could not open config file.

Here 5000 denotes portnumber. /mnt/exports/nbd-export is the file/block device
we want to share with others.

Now I will use nbd-client to mount. For this first we have to start nbd-client process to attach to the server. Here it is

# nbd-client 5000 /dev/nbd0
Negotiation: ..size = 100000KB
bs=1024, sz=100000
Here : denotes server’s IP address
5000 denotes server port number
/dev/nbd0 is the device on the client.
Once the above command is executed, nbd-client will talk to server
and negotiate appropriate communication mechanism. This we can see
as the output above

Now that the device is created, I can mount it like other devices.

# mount /dev/nbd0 /mnt/test
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda2 19220528 9270540 8973640 51% /
tmpfs 513888 0 513888 0% /lib/init/rw
udev 10240 84 10156 1% /dev
tmpfs 513888 0 513888 0% /dev/shm
/dev/sda3 56765020 51267864 2613492 96% /home
/dev/scd0 1231890 1231890 0 100% /media/cdrom0
/dev/nbd0 96828 1550 90278 2% /mnt/test
Now we can use the mounted device as regular part of our system

# ls -l /mnt/test
total 12
drwx—— 2 root root 12288 2010-02-14 09:50 lost+found

# cp /tmp/testfile /mnt/test


If you want to disconnect following steps should be followed.

First Unmount the device
# umount /mnt/test
Then disconnect with -d option

# nbd-client -d /dev/nbd0
Disconnecting: que, disconnect, sock, done
Kernel call returned: Broken pipeClosing: que, sock, done

Exercise 2

Here I want to export an iso image to client as an ISO file sytem.
I have debian dump in /home/lenny_stable/

The sequence of commands are
Start the server
# nbd-server 8000 /home/lenny_stable/debian-500-i386-DVD-1.iso
** (process:4456): WARNING **: Could not parse config file: Could not open config file.

Here 8000 is the port number.

Now connect the client

# nbd-client 8000 /dev/nbd1
Negotiation: ..size = 4588206KB
bs=1024, sz=4588206

# mount /dev/nbd1 /mnt/test1
mount: block device /dev/nbd1 is write-protected, mounting read-only
Now we can use this like regular device
# ls -l /mnt/test1
total 1068
-r–r–r– 1 root root 27 2009-02-14 22:24 autorun.inf
dr-xr-xr-x 2 root root 2048 2009-02-14 22:24 css
lr-xr-xr-x 1 root root 1 2009-02-14 22:24 debian -> .
-r–r–r– 1 root root 984 2009-02-07 00:05 dedication.txt
dr-xr-xr-x 3 root root 2048 2009-02-14 22:24 dists
dr-xr-xr-x 6 root root 6144 2009-02-14 22:24 doc
-r–r–r– 1 root root 56513 2009-01-23 22:13 g2ldr
-r–r–r– 1 root root 8192 2009-01-23 22:13 g2ldr.mbr
dr-xr-xr-x 2 root root 2048 2009-02-14 22:24 install
dr-xr-xr-x 3 root root 2048 2009-02-14 22:24 install.386
dr-xr-xr-x 5 root root 4096 2009-02-14 22:24 isolinux
-r–r–r– 1 root root 509091 2009-02-14 22:32 md5sum.txt
dr-xr-xr-x 2 root root 4096 2009-02-14 22:24 pics
dr-xr-xr-x 4 root root 2048 2009-02-14 22:25 pool
-r–r–r– 1 root root 9714 2009-02-14 22:32 README.html
-r–r–r– 1 root root 119979 2009-02-14 01:22 README.mirrors.html
-r–r–r– 1 root root 60194 2009-02-14 01:22 README.mirrors.txt
-r–r–r– 1 root root 398 2009-02-14 22:24 README.source
-r–r–r– 1 root root 6150 2009-02-14 22:32 README.txt
-r–r–r– 1 root root 292416 2009-01-23 22:13 setup.exe
dr-xr-xr-x 2 root root 2048 2009-02-14 22:24 tools
-r–r–r– 1 root root 237 2009-02-14 22:24 win32-loader.ini
# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda2 19220528 9270548 8973632 51% /
tmpfs 513888 0 513888 0% /lib/init/rw
udev 10240 84 10156 1% /dev
tmpfs 513888 0 513888 0% /dev/shm
/dev/sda3 56765020 51267868 2613488 96% /home
/dev/scd0 1231890 1231890 0 100% /media/cdrom0
/dev/nbd1 4588206 4588206 0 100% /mnt/test1


To disconnect do umount and nbd-client -d

Exercise 3

Directly mounting a block device. I have /dev/sda1 as an ntfs partition. I want to mount it as /mnt/tmp. Here it is


# nbd-server 9003 /dev/sda1


Now connect the nbd-client

# nbd-client 9003 /dev/nbd5

Negotiation: ..size = 17583111KB
bs=1024, sz=17583111


Now mount it as /mnt/tmp


# mount /dev/nbd5 /mnt/tmp

#ls -l /mnt/tmp/*.sys

-rw——- 1 root root 1064751104 2009-05-08 09:36 /mnt/tmp/hiberfil.sys
-rw——- 1 root root 1598029824 2009-05-08 09:36 /mnt/tmp/pagefile.sys


You can disconnect as usual.

Allowing write access to more than one client simultaneously may lead to data corruption.
Accessing from server causes deadlock conditions

Links which helped me understand NBD

Network Block Devices: Using Hardware Over a Network


Written by spectre

September 24th, 2010 at 12:05 pm

Posted in Tips and Tricks

Re-building a SLES 11 kernel

without comments

Building a distro kernel

First things first.

As always.. a warning.

Re-building and re-booting a distro kernel is conceptually, and in practice, a fairly easy thing to do. But it is also very easy to mess up your system with a single simple typo, with the practical consequences that you may need to reinstall your system. Being unable to re-boot a shared system where someone else has data that wasn’t backed up is a “most unpleasant” feeling. Be Wary

First. We strongly urge you to practice these steps on a victim system, where you have no problems what-so-ever of completely reinstalling the system. A “victim system” means there is nothing of importance on the system. No important data. No critical users or applications. No key work-in-progress.

Second. These steps are provided simply as a step-by-step guide of how several of us re-built the kernel in the labs on freshly installed victim systems. We most-certainly are not the official source for the right steps, nor do we claim this will work for everyone, and you should not expect any level of support from us on this.

Third. This should be intuitive, but amazingly-enough often isn’t clearly understood. So we’ll say it here explicitly. If you re-build your own kernel and you use that kernel, you have invalidated any hope for “official support” from your service provider while using that kernel.

SLES 11. Find the kernel-source “src.rpm”

On SLES 11, there are two DVD iso images.

If you mount the second DVD, it has the “source” files. Here we assume you’ve downloaded the DVD iso images to a local directory, let’s say: /usr/local/iso
# cd /usr/local/iso
# ls
SLES-11-DVD-ppc64-GM-DVD1.iso SLES-11-DVD-ppc64-GM-DVD2.iso
# mkdir /dvd
# mount -t iso9660 -o loop SLES-11-DVD-ppc64-GM-DVD2.iso /dvd
# find /dvd -name kernel-source*

You’ll need the *.src.rpm file.

This rpm cleverly doesn’t show up as installed if you do a rpm -qa | grep kernel-source. To tell whether you have installed the package, look under /usr/src/packages/SPECS. If there’s nothing there, then you have not installed the correct rpm.

Install the kernel-source “src.rpm”

You want the “src.rpm”, not just the “.rpm” file.
cd /dvd/suse/src
rpm -i kernel-source-

Copy the “spec” file from SOURCES over to the SPECS sub-directory.
cd /usr/src/packages/SOURCES
cp kernel-ppc64.spec ../SPECS

If the kernel-ppc64.spec file does not exist, you will first have to build the platform specific spec files…
# cd /usr/src/packages/SOURCES
# ls
kernel-binary.spec.in kernel-module-subpackage kernel-source.rpmlintrc kernel-spec-macros
kernel-docs.spec.in kernel-source.changes kernel-source.spec.in kernel-syms.spec.in
# ./mkspec

and then copy the kernel-ppc64.spec file to ../SPECS as previously stated.

Edit the ppc64 “spec” file to add a unique identifier
cd /usr/src/packages/SPECS
vi kernel-ppc64.spec

Change the Release identifier adding an identifier denoting your new kernel build (i.e. from “5” to something like “5.001”)
Release: 5

Release: 5.001

Save and file.

Note the current kernel level which will be used to compare the version after the rebuild/successful boot.
# uname -r

rpmbuild -ba kernel-ppc64.spec

rpmbuild is the clever step that packages all of the patches that constitute the “whole” of the kernel.
# rpmbuild -ba kernel-ppc64.spec
error: Failed build dependencies:
sparse is needed by kernel-ppc64-
fdupes is needed by kernel-ppc64-
kernel-dummy is needed by kernel-ppc64-

Now you need the SLES 11 SDK iso image.
mkdir /sdk
mount -t iso9660 -o loop /usr/local/iso/SLE-11-SDK-DVD-ppc64-GM-Media1.iso /sdk
cd /sdk/suse/ppc64/
rpm -i sparse-0.4.1.git1-1.21.ppc64.rpm
rpm -i fdupes-1.40-42.22.ppc64.rpm

Try again (noticing that there is no such thing as a kernel-dummy rpm file).
# rpmbuild -ba kernel-ppc64.spec
error: Failed build dependencies:
kernel-dummy is needed by kernel-ppc64-


From the README.SUSE file in /usr/src/packages/SOURCES
* kernel-dummy

This package is relevant inside the SUSE build system only. We use
it to synchronize release numbers among the kernel packages. When
building packages locally, the kernel-dummy package can safely be

Ok. Comment out that line.
%if ! 0%{?opensuse_bs}
# BuildRequires: kernel-dummy

We’re ready to go. But before we start, we want to modify the “spec” file to compile in parallel.

vi kernel-ppc64.spec
After the “build_flavor” line, add a line to define “jobs” to be the number of available CPUs.
%define build_flavor “ppc64”
%define jobs %(cat /proc/cpuinfo | grep processor | wc -l)

Try again.
rpmbuild -ba kernel-ppc64.spec
<lots of compilation messages>
Wrote: /usr/src/packages/SRPMS/kernel-ppc64-
Wrote: /usr/src/packages/RPMS/ppc64/kernel-ppc64-
Wrote: /usr/src/packages/RPMS/ppc64/kernel-ppc64-base-
Wrote: /usr/src/packages/RPMS/ppc64/kernel-ppc64-extra-

( or rpmbuild -ba –define ‘jobs N’ kernel-ppc64.spec where N = cores can also be used)

Building in parallel

Quick tangent.

To confirm you’re building in parallel, in a separate window fire up “top” and press the “1” key. Here’s an example of an 8 core (16 CPUs with SMT on) Power 6 system running SLES 11.
top – 09:51:50 up 17:30, 2 users, load average: 20.87, 8.87, 3.80
Tasks: 277 total, 19 running, 256 sleeping, 0 stopped, 2 zombie
Cpu0 : 41.5%us, 3.4%sy, 0.0%ni, 12.4%id, 6.1%wa, 0.0%hi, 0.0%si, 36.5%st
Cpu1 : 52.8%us, 2.1%sy, 0.0%ni, 8.4%id, 0.0%wa, 0.0%hi, 0.3%si, 36.4%st
Cpu2 : 55.7%us, 1.3%sy, 0.0%ni, 7.4%id, 0.0%wa, 0.0%hi, 0.0%si, 35.6%st
Cpu3 : 40.4%us, 2.4%sy, 0.0%ni, 21.0%id, 0.0%wa, 0.0%hi, 0.0%si, 36.2%st
Cpu4 : 45.3%us, 3.7%sy, 0.0%ni, 13.9%id, 0.0%wa, 0.0%hi, 0.3%si, 36.8%st
Cpu5 : 49.2%us, 1.6%sy, 0.0%ni, 12.4%id, 0.0%wa, 0.0%hi, 0.0%si, 36.8%st
Cpu6 : 48.7%us, 2.1%sy, 0.0%ni, 4.7%id, 0.5%wa, 0.0%hi, 0.0%si, 43.9%st
Cpu7 : 46.8%us, 1.8%sy, 0.0%ni, 6.3%id, 0.0%wa, 0.0%hi, 0.0%si, 45.0%st
Cpu8 : 46.1%us, 3.2%sy, 0.0%ni, 10.0%id, 0.0%wa, 0.0%hi, 0.0%si, 40.8%st
Cpu9 : 48.2%us, 2.4%sy, 0.0%ni, 8.9%id, 0.0%wa, 0.0%hi, 0.0%si, 40.5%st
Cpu10 : 50.4%us, 1.8%sy, 0.0%ni, 6.8%id, 2.6%wa, 0.3%hi, 0.0%si, 38.1%st
Cpu11 : 45.3%us, 2.4%sy, 0.0%ni, 10.8%id, 2.4%wa, 0.0%hi, 0.0%si, 39.2%st
Cpu12 : 51.7%us, 2.6%sy, 0.0%ni, 9.5%id, 0.0%wa, 0.0%hi, 0.0%si, 36.1%st
Cpu13 : 41.2%us, 3.4%sy, 0.0%ni, 18.7%id, 0.0%wa, 0.0%hi, 0.0%si, 36.7%st
Cpu14 : 55.5%us, 1.8%sy, 0.0%ni, 10.3%id, 0.0%wa, 0.3%hi, 0.0%si, 32.1%st
Cpu15 : 39.4%us, 2.9%sy, 0.0%ni, 24.3%id, 0.0%wa, 0.0%hi, 0.0%si, 33.4%st
Mem: 130335424k total, 19881792k used, 110453632k free, 1300288k buffers
Swap: 4096384k total, 0k used, 4096384k free, 17655936k cached

15460 root 20 0 192m 180m 9664 R 64 0.1 0:07.15 cc1
20488 root 20 0 67520 61m 9664 R 30 0.0 0:01.13 cc1
21028 root 20 0 50304 39m 9664 R 13 0.0 0:00.48 cc1
21114 root 20 0 50176 45m 9664 R 10 0.0 0:00.39 cc1
21236 root 20 0 50112 44m 9664 R 7 0.0 0:00.27 cc1
21251 root 20 0 49280 33m 9664 R 6 0.0 0:00.24 cc1
21332 root 20 0 49216 36m 8384 R 5 0.0 0:00.19 cc1
21386 root 20 0 49216 30m 9664 R 5 0.0 0:00.19 cc1
21313 root 20 0 36160 28m 9472 R 4 0.0 0:00.17 cc1
21267 root 20 0 49216 29m 9600 R 4 0.0 0:00.16 cc1
21374 root 20 0 32832 27m 9664 R 3 0.0 0:00.12 cc1
21401 root 20 0 32768 25m 7360 R 2 0.0 0:00.09 cc1
21346 root 20 0 32768 24m 7360 R 2 0.0 0:00.08 cc1
21425 root 20 0 32832 20m 7360 R 2 0.0 0:00.06 cc1
3 root RT -5 0 0 0 S 0 0.0 0:00.07 migration/0
90 root 20 0 0 0 0 S 0 0.0 0:06.30 pdflush
15481 root 20 0 16512 11m 4096 S 0 0.0 0:00.04 as
18123 root 20 0 7232 4288 3072 S 0 0.0 0:00.01 make
18300 root 20 0 7232 4352 3072 S 0 0.0 0:00.02 make
19403 root 20 0 7232 4416 3072 D 0 0.0 0:00.01 make
19487 root 20 0 7232 4224 3072 S 0 0.0 0:00.01 make
19611 root 20 0 7232 4224 3072 S 0 0.0 0:00.01 make
1 root 20 0 3648 1088 832 S 0 0.0 0:01.83 init

Install the newly built kernel.

So then we can install the new kernel rpm.
# cd /usr/src/packages/RPMS/ppc64
# rpm -i kernel-ppc64-
Setting up /lib/modules/

We recommend that you reboot to this kernel and confirm that it boots correctly.

We recommend that you do NOT change the default boot kernel, leaving the test kernel as an alternative choice.

Adding patches into the kernel build process.

There are several steps required to add a patch set into the build process.

Prepare the patch set.

The patch set it prepared by creating a patch directory and adding the patches to the directory. Once the patches are added to the directory, create a tar/bzip file of the patches.
tar -cjf patches.osjitter.tar.bz2 patches.osjitter

Add (copy) the patch set to the /usr/src/packages/SOURCES directory.
cp -p patches.osjitter.tar.bz2 /usr/src/packages/SOURCES/

Edit the kernel-ppc64.spec file and specify the patch set in 2 places.

1) Insert the patch set name after the last patch in the kernel-ppc64.spec file. Note to increment the Source number (Source121 is used for this case).
Source113: patches.kabi.tar.bz2
Source120: kabi.tar.bz2
Source121: patches.osjitter.tar.bz2 <— add the patch set
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: ppc ppc64

# These files are found in the kernel-source

2) In the same spec file, find the %setup command and add the source number of the patch set to the reference line.
In this case, “-a 121” is added at the end of the %setup script.

# Unpack all sources and patches
%setup -q -c -T -a 0 -a 100 -a 101 -a 102 -a 103 -a 104 -a 105 -a 107 -a 108 -a 109 -a 110 -a 111 -a 112 -a 113 -a 120 -a 121 <— -a 121 is added

mkdir -p %kernel_build_dir

Update the ../packages/SOURCE/series.conf file adding the specific names of each patch. The order of placement should be considered.



The patch file has now been added to the kernel build process. The final step is to build the kernel using the rpmbuild command.

The patch can be verified by creating an output log of the build process and then examining the log to make sure the patch has been applied. In our case, we see reference to the patch as follows:

+ tar -xf –
+ ‘[‘ 0 -ne 0 ‘]’
+ /usr/bin/bzip2 -dc /usr/src/packages/SOURCES/patches.osjitter.tar.bz2
+ tar -xf –
+ ‘[‘ 0 -ne 0 ‘]’

+ patch -s -F0 -E -p1 –no-backup-if-mismatch -i ../patches.fixes/oprofile_bios_ctr.patch
+ patch -s -F0 -E -p1 –no-backup-if-mismatch -i ../patches.trace/utrace-core
+ patch -s -F0 -E -p1 –no-backup-if-mismatch -i ../patches.osjitter/patch_osjitter
+ patch -s -F0 -E -p1 –no-backup-if-mismatch -i ../patches.fixes/ia64-configure-HAVE_UNSTABLE_SCHED_CLOCK-for-SGI_SN.patch
+ patch -s -F0 -E -p1 –no-backup-if-mismatch -i ../patches.fixes/kvm-ioapic.patch
+ patch -s -F0 -E -p1 –no-backup-if-mismatch -i ../patches.fixes/kvm-macos.patch

Building a recent mainline kernel

For completeness, here’s the quick steps for building a mainline kernel.

Go to kernel.org, download a stable or recent kernel. For example, at the time this is being updated, the current stable kernel we recommend is We would suggest keeping within 2.6.32 stable kernels.

In this example, we download the mainline kernel

Quick steps are available here: http://kernelnewbies.org/KernelBuild
# cd /root
# tar -jxf linux-
# cd linux-
# make pseries_defconfig

You should update and/or verify the .config settings using make menuconfig command as follows:
make menuconfig
<select Kernel options>
<change Page Size to 64k page size – default is 4k>
<change Maximum zone order to 9 – default is 13>
<select Exit>
<select Processor support>
<change Maximum number of CPUs to 4x number of cores – you can specify 256>
<select Exit>
<select General setup>
<select Kernel Performance Events and Counters>
<verify Kernel performance events and counters is turned on>
<deselect/verify Kernel performance counters (old config option)
<select Exit>
<select Exit>
<select Exit>
<Yes, save the new config>

If you wish, you can confirm the new settings in the .config file:

# CONFIG_PPC_4K_PAGES is not set
# CONFIG_PPC_16K_PAGES is not set
# CONFIG_PPC_256K_PAGES is not set


# Kernel Performance Events And Counters

For the build..
# make all
# su -c “make modules_install install”

If running under ABAT, use
# boot-to –kernel /boot/vmlinux- –initrd /boot/initrd-

Written by spectre

September 20th, 2010 at 11:57 am

Posted in Tips and Tricks

Сброс пароля доменной учетной записи Администратора (Windows Server 2003/2008)

without comments

Сброс пароля доменной учетной записи Администратора (Windows Server 2003/2008)
Что делать, если вы забыли(а иногда трудно вспомнить то, чего не знаешь) пароль на доменную учетную запись администратора, но очень хочется? В отличии от локальной учетной записи админа доменную просто так не сбросить, но способ есть. Метода описанная ниже 100% рабочая (лично приходилось применять как на 2003, так и 2008 серверах), однако она имеет существенный недостаток: необходим физический доступ к домен-контроллеру, ну или хотя бы иметь некое подобие технологии iLO (сами понимаете, далеко не на всех серверах есть такая опция, к тому же доступ там тоже может быть ограничен), но кто знает, может кому пригодится.
Итак, во-первых, нам все же потребуется локальная учетная запись администратора, а точнее доступ к ней. Не смотря на то, что она отключается сразу же после того, как сервер получает роль домен-контроллера, хранится она в базе SAM продолжает.
По-сему с помощью многочисленных утилит (хотя бы из того же набора Hiren’s Boot CD) сбрасываем пароль(разумеется, если вы его не помните) на локальную учетную запись администратора.

Во-вторых, необходимо перезагрузить домен-контроллер в режиме Directory Restore Mode. Думаю, если вы знаете, что такое домен-контроллер, то проблем с загрузкой в данном режиме не может быть в принципе, но на всякий случай: жмем F8, до загрузки системы, и выбираем режим Directory Restore Mode, он отключает Active Directory.

Шаг третий.
После загрузки системы входим в неё под учетной записью локального админа.
Теперь у нас есть полный доступ к системе, но мы ничего не можем сделать с Active Directory, пока не можем.

Шаг четвертый.
Теперь нам нужно установить небольшую утилиту – SRVANY. Что она делает? Она может запустить любую программу как службу, но что самое интересное, программа эта будет запущена с правами системы (NT AUTHORITY\SYSTEM). А вот это уже даст ПОЛНЫЙ ДОСТУП к системе. Этого более чем достаточно для сброса пароля любой доменной учетной записи, в т.ч. администратора.
Итак, копируем утилиты INSTSRV и SRVANY в какую-нибудь папку, например в C:\temp. Копируем туда же cmd.exe, обычно находится в %windir%/System32 (cmd.exe будет запускаться как раз с правами самой системы, для выполнения net user).
Теперь, запускаем командную строку, и устанавливаем SRVANY:
cd c:\temp
instsrv PassRecovery c:\temp\srvany.exe
instsrv устанавливает srvany как службу с названием PassRecovery.
Таким образом SRVANY установлена, теперь нужно настроить эту утилиту, для этого запускаем regedit и идем сюда:
Создаем там новый подраздел(subkey), и добавляем туда две записи:
name: Application
type: REG_SZ (string)
value: с:\temp\cmd.exe

name: AppParameters
type: REG_SZ (string)
value: /k net user administrator 123456 /domain
Как видно, первая запись говорит, что запускать, вторая: с какими параметрами. У нас получается, что будет запущена командная строка, в которой будет выполнена команда net user, которая сменит пароль администратора на 123456. Не забываем, что в доменной групповой политике по умолчанию, есть требование к комплексности пароля, т.е. он должен быть не менее 6 символов, и содержать буквы разных регистров и цифры, и редко бывают случаи, когда эту политику отключают. Так что если вы не знаете, работает данная политика, или нет, то лучше вписывайте что-то вроде [email protected]
Теперь нам нужно настроить созданную нами службу. В командной строке пишем services.msc (ну или через панель управления – кому как нравится).
Выбираем службу PassRecovery, и в свойствах меняем тип запуска на Автоматический (Startup type: Automatic). Далее все в тех же свойствах выбираем вкладку Вход в систему (Log on), и там включаем опцию Взаимодействие с рабочим столом (Interact with the desktop).
Шаг последний.
Перезагружаем домен-контроллер, загружаемся в обычном режиме, и входим в систему под учетной записью администратора, с паролем, который вы указали в предыдущем пункте. Запускаем командную строку, и удаляем процесс который мы создали, нам он явно больше не нужен:
net stop PassRecovery

sc delete PassRecovery
Удаляем C:\temp, и делаем что хотим

+ SRVAny

Written by spectre

September 16th, 2010 at 3:47 pm

Posted in Tips and Tricks

HPC: среда паралелльных вычислений прямого доступа кластеров Скиф без элементов виртуализации

without comments

( Не включает  особенности кластеров СКИФ-ГПБ и Скиф-Cell)

    Последние изменения:

  • обновлено 22.03.17 – удалены все устаревшие рекомендации

  • обновлены ссылки на дополнительную документация на кластере



Read the rest of this entry »

Written by spectre

September 8th, 2010 at 10:16 am