Howto: Reset a lost VMware guest password


So you’ve forgotten your VMware Linux or Windows guest password?  Here’s how to reset it.  These instructions focus on resetting the password through the Virtual Infrastructure Client, but there’s no reason you couldn’t do it using VMware Workstation or VMware Server.  

1. Grab a Kon-Boot .iso image.
 
2. In the Virtual Infrastructure client, configure the problematic guest’s Virtual CDROM for the Kon-boot ISO image.
 
3. Boot the problem guest server.  At the VMware BIOS screen, press the ESC key to bring up the boot menu.  Select to boot from CD-ROM.
 
4. When the Kon-Boot splash screen appears, press Enter to boot Windows.
 
5. At the Windows login screen, enter administrator as the user name, with any password you’d like.  Note:  This password is not persistent!  You must set the administrator password manually! Once the password is set, reboot the server and you will be able to login with the newly set credentials.
 
If you are trying to reset the password in Linux, the steps are the same, but instead of logging into Windows and resetting the adminstrator password, login to Linux and reset the root password.

HowTo: Export a list of all computers in an AD OU


To export a list of all computers and non domain controller servers in an Active Directory OU, use dsquery.exe.  For example, to export all computers in mydomain.com’s servers OU to machines.txt :

DSQUERY COMPUTER “OU=servers,DC=mydomain,DC=com” -o rdn -limit 1000 > c:\machines.txt
 
Use -limit when you want to return more than the default 100 results.  Note that –rdn will producte the relative distinguished name (which means no OU=,DC= in the name).
 
Full dsquery syntax:
 
Syntax:     dsquery computer [{<StartNode> | forestroot | domainroot}]
           [-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}]
           [-name <Name>] [-desc <Description>] [-samid <SAMName>]
           [-inactive <NumWeeks>] [-stalepwd <NumDays>] [-disabled]
           [{-s <Server> | -d <Domain>}] [-u <UserName>]
           [-p {<Password> | *}] [-q] [-r] [-gc]
           [-limit <NumObjects>] [{-uc | -uco | -uci}]
 
 
Parameters:
Value                       Description
{<StartNode> | forestroot | domainroot}
                           The node where the search will start:
                           forest root, domain root, or a node
                           whose DN is <StartNode>.
                           Can be “forestroot”, “domainroot”
                           or an object DN.
                           If “forestroot” is specified, the search is done
                           via the global catalog. Default: domainroot.
-o {dn | rdn | samid}       Specifies the output format.
                           Default: distinguished name (DN).
-scope {subtree | onelevel | base}
                           Specifies the scope of the search:
                           subtree rooted at start node (subtree);
                           immediate children of start node only (onelevel);
                           the base object represented by start node (base).
                           Note that subtree and domain scope
                           are essentially the same for any start node
                           unless the start node represents a domain root.
                           If forestroot is specified as <StartNode>,
                           subtree is the only valid scope.
                           Default: subtree.
-name <Name>                Finds computers whose name matches the value
                           given by <Name>, e.g., “jon*” or “*ith”
                           or “j*th”.
-desc <Description>         Finds computers whose description matches
                           the value given by <Description>,
                           e.g., “jon*” or “*ith” or “j*th”.
-samid <SAMName>            Finds computers whose SAM account name
                           matches the filter given by <SAMName>.
-inactive <NumWeeks>        Finds computers that have been inactive (stale)
                           for at least <NumWeeks> number of weeks.
-stalepwd <NumDays>         Finds computers that have not changed their
                           password for at least <NumDays> number of days.
-disabled                   Finds computers with disabled accounts.
{-s <Server> | -d <Domain>}
                           -s <Server> connects to the domain controller
                           (DC) with name <Server>.
                           -d <Domain> connects to a DC in domain <Domain>.
                           Default: a DC in the logon domain.
-u <UserName>               Connect as <UserName>. Default: the logged in
                           user. User name can be: user name,
                           domain\user name, or user principal name (UPN).
-p <Password>               Password for the user <UserName>.
                           If * then prompt for password.
-q                          Quiet mode: suppress all output to
                           standard output.
-r                          Recurse or follow referrals during search.
                           Default: do not chase referrals during search.
-gc                         Search in the Active Directory global catalog.
-limit <NumObjects>         Specifies the number of objects matching the
                           given criteria to be returned, where <NumObjects>
                           is the number of objects to be returned.
                           If the value of <NumObjects> is 0, all
                           matching objects are returned.
                           If this parameter is not specified, by default
                           the first 100 results are displayed.
{-uc | -uco | -uci}         -uc Specifies that input from or output
                           to pipe is formatted in Unicode.
                           -uco Specifies that output to pipe or file is
                           formatted in Unicode.
                           -uci Specifies that input from pipe or file is
                           formatted in Unicode.
 
Remarks:
The dsquery commands help you find objects in the directory that match
a specified search criterion: the input to dsquery is a search criteria
and the output is a list of objects matching the search. To get the
properties of a specific object, use the dsget commands (dsget /?).
 
If a value that you supply contains spaces, use quotation marks
around the text (for example, “CN=John Smith,CN=Users,DC=microsoft,DC=com”).
If you enter multiple values, the values must be separated by spaces
(for example, a list of distinguished names).
 
Examples:
To find all computers in the current domain whose name starts with “ms”
and whose description starts with “desktop”, and display their DNs:
 
   dsquery computer domainroot -name ms* -desc desktop*
 
To find all computers in the organizational unit (OU) given
by ou=sales,dc=micrsoft,dc=com and display their DNs:
 
   dsquery computer ou=sales,dc=microsoft,dc=com
 
See also:
dsquery computer /? – help for finding computers in the directory.
dsquery contact /? – help for finding contacts in the directory.
dsquery subnet /? – help for finding subnets in the directory.
dsquery group /? – help for finding groups in the directory.
dsquery ou /? – help for finding organizational units in the directory.
dsquery site /? – help for finding sites in the directory.
dsquery server /? – help for finding servers in the directory.
dsquery user /? – help for finding users in the directory.
dsquery quota /? – help for finding quotas in the directory.
dsquery partition /? – help for finding partitions in the directory.
dsquery * /? – help for finding any object in the directory by using a
generic LDAP query.
 
Directory Service command-line tools help:
dsadd /? – help for adding objects.
dsget /? – help for displaying objects.
dsmod /? – help for modifying objects.
dsmove /? – help for moving objects.
dsquery /? – help for finding objects matching search criteria.
dsrm /? – help for deleting objects.
dsquery failed:The parameter is incorrect.
type dsquery /? for help.

Howto: Enable debug logging for Backup Exec for Windows Servers


You can temporarily enable Backup Exec debug logging by adding the -debug start parameter to the Backup Exec Remote Agent for Windows Servers service. This is a temporary setting that will be reset when the services are cycled or at the next server reboot.  To enable debug logging permanently, see the second section that details editing the reqistry.

To temporarily enable Backup Exec debug logging on Windows 2000, Windows XP, Windows 2003 and Windows 2008:
 
1. Go to Start > Programs > Administrative Tools > Services

2. Select the Backup Exec Remote Agent for Windows Servers service, and click Stop. When prompted, click Yes to shut down the service.

3. Select and right-click on the Backup Exec Remote Agent for Windows Servers service, and then select Properties

4. In the Startup Parameters box, type debug.  Click Start in the Properties page to start the service. Click OK 

5. Select and right-click the Backup Exec Job Engine service, and then select Properties

6. In the Startup Parameters box, type debug. Click Start in the Properties page. Click OK to close. 
 
To permanently enable Backup Exec debug logging on Windows NT 4.0, Windows 2000, Windows XP, Windows 2003 and Windows 2008:
 
1. Stop all Backup Exec for Windows Servers services

2. Run REGEDIT.EXE

3. a. Backup Exec 10d or below: Browse to HKey_Local_Machine\Software\VERITAS\Backup Exec\Engine\Logging

     b. Backup Exec 11d or above: Browse to HKey_Local_Machine\Software\Symantec\Backup Exec for Windows\Backup Exec\Engine\Logging


4. Change the value of CreateDebugLog to 1 to enable debug logging

5. Quit the registry editor

6. Start the Backup Exec for Windows Servers services

After the Backup Exec Job Engine and Backup Exec Remote Agent for Windows Servers service are started, two log files will be created in the Backup Exec \Logs directory, which is located in one of the following directories:
 
  • Backup Exec 10d or below:  \Program Files\Veritas\Backup Exec\NT\Logs
  • Backup Exec 11d or above:  \Program Files\Symantec\Backup Exec\Logs
The name of the log files will follow the format of <ServerName>-BENGINEXX.Log for the Backup Exec Job Engine service, and <ServerName>-BEREMOTEXX.LOG for the Backup Exec Remote Agent for Windows Servers service. The XX will increment each time the services are started with the -debug option, so that a new log file is created.
 

How to completely disable DEP in Windows Server 2003


To completely disable DEP in Windows Server 2003, perform the following with administrative credentials:

1. Open Windows Explorer

2. Tools > Folder Options > View

3. Uncheck Hide Protected operating system files (Recommended) and Hide extensions for known file types

4. Click apply > OK

5. Browse to C:\

6. Right click on boot.ini, select properties and ensure the “read-only” tab is unchecked and click OK

7. Edit boot.ini

8. Modify the  /noexecute=

For example, set  /noexecute=AlwaysOff to disasble DEP entirely

9. File > Save, close boot.ini file

10. Right click on boot.ini, select properties and ensure the “read-only” tab is checked and click OK

11. Reboot the computer

For more about DEP see MS KB875352

Howto: Export IIS 7.0 web server configuration


To export a backup copy of your IIS 7.0 configuration on a Windows 2008 Server:

Open Server Manager

Expand Roles – Web Server (IIS) – Internet Information Services (IIS) Manager

Highlight the web server name

From the Management category, double click Shared Configuration

Under Actions, select Export Configuration. Accept or change the default export path of C:\Windows\system32\inetsrv\config\export

Click the Connect As button, and enter administrative credentials. If the server is a domain member, you may need to enter your credentials in the format domain\username or username@domain.com

Enter the encryption keys password twice and press OK

You should now have three files in the C:\Windows\system32\inetsrv\config\export directory: administration.config, applicationHost.config, and configEncKey.key. Save the files in a safe place.

Howto: Backup IIS 7.0 web server configuration


To backup your IIS 7.0 configuration on a Windows 2008 Server, you just need to make a copy of the \windows\system32\inetsrv\config directory (and subdirectories) and save it in a safe location.

You can also use the appcmd.exe utility to create the backup via the command line. The syntax to create a backup is:

%windir%\system32\inetsrv\appcmd.exe add backup “Backup Name”

to restore the backup, the syntax is:

%windir%\system32\inetsrv\appcmd.exe restore backup “Backup Name”

to remove a backup, the syntax is:

%windir%\system32\inetsrv\appcmd.exe delete backup “Backup Name”

For additional details on appcmd.exe see Bill’s IIS blog, or check out Mike’s IIS 7.0 Server-side blog for information on backing up and restoring IIS 7.0 shared configuration.