A man of few words

Scenario: I’m remote controlling a colleague’s computer to assist with some software issues. After fixing one of them the computer needed a restart, but the other issue required some more troubleshooting, so I disconnected from his computer and proceeded to exercise some Google Fu.

Fast forward a few minutes.
I see he still hasn’t rebooted his computer like he said he would, so I ask him:

Me: I found a solution, would you like me to remote in to your PC now or are you going to restart first?
Luser: OK
Me (thinking): Well, wtf do I do now

Setup reverse SSH tunnel

Here’s a quick example for setting up reverse SSH tunnels on clients which can be controlled via the server from anywhere. This example presumes all the client computers have some sort of unique ID/hostname, like 9001, 9002, 9003, 9004 etc. Let’s say we have 10 clients stuck behind a firewall we’d like to access.

Start the reverse tunnel on each client like this (the client's own SSH server must be listening on port 22):

ssh -R 1xxxx:localhost:22 user@server.com # replace xxxx with this client's unique id

Now all our clients are set up with a reverse SSH tunnel.
If we’d like to ssh into id 9003 we run the following command from the server:

ssh user@localhost -p 19003

Let's ssh into 9005 instead:

ssh user@localhost -p 19005

Replace user with a local user on the client machine.

Example

I want to ssh into my Raspberry Pi. Local username is pi.

  • Step 1 – set up the reverse ssh tunnel on the Raspberry Pi:
    ssh -R 19999:localhost:22 kek@it-db.com
  • Step 2 – from my “it-db.com” server I run the following command:
    ssh pi@localhost -p 19999

Combining with sshpass and autossh

sshpass -p "mypassword" autossh -R 19999:localhost:22 user@server.com
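
A hardened variant of the tunnel setup above, as an added example that is not part of the original post: it uses a key instead of sshpass -p (which leaves the password in the process list and shell history) and prints the authorized_keys line that limits each client key to its own listen port on the server. The tunnel account name, the key path and the public key string are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. TUNNEL_USER, KEY and the public
# key string below are assumptions; server.com is the server from the post.
TUNNEL_USER="tunnel"              # assumed unprivileged account on the server
SERVER="server.com"
KEY="$HOME/.ssh/tunnel_ed25519"   # assumed key made with: ssh-keygen -t ed25519

# Map a client id (9001, 9002, ...) to its listen port on the server (1xxxx).
# Only exactly four digits are accepted, so an id can neither smuggle extra
# ssh options into the command nor yield a port above 65535.
tunnel_port() {
    case "$1" in
        [0-9][0-9][0-9][0-9]) printf '1%s\n' "$1" ;;
        *) echo "invalid client id: $1" >&2; return 1 ;;
    esac
}

# Command for the client. Key auth replaces sshpass -p, -N requests no shell,
# ExitOnForwardFailure makes ssh exit instead of staying connected without the
# forward, and the ServerAlive options detect a dead link; -M 0 turns off
# autossh's separate monitor port in favour of them.
client_command() {
    port=$(tunnel_port "$1") || return 1
    printf 'autossh -M 0 -N -i %s -o ExitOnForwardFailure=yes' "$KEY"
    printf ' -o ServerAliveInterval=30 -o ServerAliveCountMax=3'
    printf ' -R %s:localhost:22 %s@%s\n' "$port" "$TUNNEL_USER" "$SERVER"
}

# authorized_keys line for the server: this key may only listen on its own
# port and gets no shell, pty, agent or X11 forwarding.
authorized_keys_entry() {
    port=$(tunnel_port "$1") || return 1
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",' "$port"
    printf 'command="/bin/false" %s\n' "$2"
}

# Constructed sample run for client 9003; the key string is a placeholder.
client_command 9003
authorized_keys_entry 9003 "ssh-ed25519 AAAA_PLACEHOLDER client-9003"
```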

Create custom URL for your local development machine

Say you’re working on several projects on your local machine. Accessing those pages with custom URLs could be useful for a variety of reasons.

  • Easier to remember the URL. http://abc is easier to remember than http://localhost/projects/2016/customer/abc
  • If the project has a login form, your browser will cache the credentials for the domain, i.e. localhost. Working with custom URLs the browser will interpret them as different domains so it will cache the correct login. This is especially useful for me, I have like 5 local projects involving a login and I never know which one is correct for this and that.

So in the example below I assume you have Apache webserver running at http://localhost and a subfolder called “projects/mysite” (ok technically that’s 2 subfolders, but you get the picture)

Configure your hosts file

Linux:
$ sudo nano /etc/hosts

Windows:
Open Command Prompt in elevated mode and run notepad %windir%\system32\drivers\etc\hosts

Add your custom URL at the end. For example:
127.0.0.1 proj-mysite

Configure Apache to enable the virtual host module

Open httpd.conf which is somewhere in your apache folder, typically /apache/conf/httpd.conf.

Search for vhost_ and find the line that says LoadModule vhost_alias_module modules/mod_vhost_alias.so.
If this line is commented (has a # at the beginning), then remove the # to enable the module.

Set up a virtual host

Open httpd-vhosts.conf, typically found here: /apache/conf/extra/httpd-vhosts.conf.
You will probably see a list of commented entries here to illustrate how it works.

Now you must add a new virtual host. At the end of the file, paste in the following:

<VirtualHost *:80>
    ServerAdmin you@mysite.com
    DocumentRoot "C:/xampp/htdocs/projects/mysite"
    ServerName proj-mysite
    ServerAlias proj-mysite
    ErrorLog "logs/proj-mysite.log"
    CustomLog "logs/proj-mysite.log" common
</VirtualHost>

I guess most of the lines are self-explanatory so edit wherever you need and save the file.

Restart Apache webserver

Then open http://proj-mysite

Create a daemon for Linux

#!/bin/sh
# /etc/init.d/daemond

### BEGIN INIT INFO
# Provides:             daemond
# Required-Start:       $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description:    Skeleton daemon
# Description:          Skeleton daemon
### END INIT INFO

case "$1" in
    start)
        echo 'hello world'
        ;;
    stop)
        killall daemond -q
        ;;
    *)
      echo "Usage: /etc/init.d/daemond {start|stop}"
      exit 1
      ;;
esac

exit 0

Add custom scripts to Powershell user scope

Today I had to google how to find out my Powershell version. How fucked up is that. Luckily 1680 other people wondered the same and appreciated this answer: http://stackoverflow.com/questions/1825585/determine-installed-powershell-version

Turns out the command is: (ignore PS C:\>, that’s just to indicate a Powershell)

PS C:\> $PSVersionTable.PSVersion

No way I’m going to remember that. Luckily, StackOverflow user @ADTC mentioned he made a function to output the version.
Open notepad and write the function to the file specified from the $profile path.

PS C:\> notepad $profile

Insert the function:

function psver { 
    $PSVersionTable; 
    $PSVersionTable.PSVersion 
}

Reload Powershell by running

PS C:\> . $profile

Now you can enter psver to output the version. Beautiful!

If you got an error when running notepad $profile that the file can’t be found, then simply enter $profile in your Powershell window to output the path and create the file manually in Windows Explorer.

Still delivering Out-Of-Office warning even though it’s turned off

Vacation’s over, back to work. However, Outlook still tells people I’m out of office. I wish…
For no apparent reason, this seems to happen randomly to our users sometimes.

In an attempt to fix it we’ve tried the usual:

  • Start Outlook in safe mode and check that it’s indeed turned off
  • Check that it’s also turned off on our Exchange server for the user

Luckily we found a work-around using MFCMAPI which seems to fix the issue.
Be careful though: MFCMAPI talks directly to Exchange and can mess up your Exchange account if you press random buttons recklessly.

Step 1
Download MFCMAPI from http://mfcmapi.codeplex.com
Note that you must download the same architecture as your Outlook is running. 64-bit MFCMAPI won’t work with 32-bit Outlook.

Step 2
Close Outlook and open mfcmapi.exe
Click on Session -> Logon in the top menu and pick your Outlook profile.

Step 3
You should see a list of accounts connected to the Outlook profile you chose in the last step.
Click on your account, scroll down in the properties list until you see PR_OOF_STATE, PidTagOutOfOffice.... This will be set to True if OOF is activated. Double-click on this property and uncheck the Boolean checkbox in the dialog window. Click OK followed by Session -> Log off in the top menu. OOF should finally be disabled.

Can’t move file – Error 0x800401E5: No object for moniker

How we suddenly got 0x800401E5 errors

Some time ago we changed the desktop folder location for every user from C:\Users\<name>\Desktop to X:\Desktop with a new group policy rule. This apparently led to some complications for a few users because the local Windows registry didn’t update the paths somehow. Luckily it only affected a few users so we found a manual workaround.

Fix by using regedit or push out to users with GPO

Open regedit and navigate to the following two locations:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Change the Desktop value to the correct folder. Remember to do it in both locations.

List members of AD group

Example

Open the Powershell shell (pun intended) on your domain controller and run the following command:
Get-ADGroupMember 'groupname'

This will list all members of the ‘groupname’ group in your shell. Let’s pipe it into a text file instead:
Get-ADGroupMember 'groupname' > list.txt

We don’t need those unnecessary columns though, so let’s just list the NAME column and nothing else:
Get-ADGroupMember 'groupname' | select name > list.txt

Troubleshooting

Run the shell as admin…