Enabling RDP on Windows Server 2012 Core

Because the Core editions of Windows Server have no GUI we can't use the Server Manager (at least locally) to enable connections over RDP to the Windows Core host. To get around that Microsoft includes a WSH script with the Core editions that can run from the Command Prompt. Use the following command to enable RDP on your Core servers.

cd \windows\system32
cscript scregedit.wsf /AR 0

You can use the /v switch to check the state of the RDP setting. If it shows 1, RDP connections are not enabled, if it's 0 they are.

Below is a list of all the options for the scregedit.wsf script:

Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.

Automatic Updates - Manage Automatic Windows Updates
These settings can be used to configure how Automatic Updates are applied to
the Windows system. It includes the ability to disable automatic updates and
to set the installation schedule.

/AU [/v][value]

/v View the current Automatic Update settings
value value you want to set to.

Options:
4 - Enable Automatic Updates
1 - Disable Automatic Updates


Terminal Service - Allow Remote Administration Connections
This allows administrators to connect remotely for administration purposes.

/AR [/v][value]

/v View the Remote Terminal Service Connection setting
value (0 = enabled, 1 = disabled)


Terminal Service - Allow connections from previous versions of Windows
This setting configures CredSSP based user authentication for
Terminal Service connections

/CS  [/v][value]

/v View the Terminal Service CredSSP setting
value (0 = allow previous versions, 1 = require CredSSP)


IP Security (IPSEC) Monitor - allow remote management
This setting configures the server to allow the IP Security (IPSEC) Monitor to
be able to remotely manage IPSEC.

/IM [/v][value]

   /v View the IPSEC Monitor setting
value (0 = do not allow, 1 = allow remote management)


DNS SRV priority - changes the priority for DNS SRV records
This setting configures the priority for DNS SRV records and is only useful
on Domain Controllers.
For more information on this setting, search TechNet for LdapSrvPriority

/DP [/v][value]

   /v View the DNS SRV priority setting
value (value from 0 through 65535. The recommended value is 200.)


DNS SRV weight - changes the weight for DNS SRV records
This setting configures the weight for DNS SRV records and is only useful
on Domain Controllers.
For more information on this setting, search TechNet for LdapSrvWeight

/DW [/v][value]

   /v View the DNS SRV weight setting
value (value from 0 through 65535. The recommended value is 50.)


Command Line Reference
This setting displays a list of common tasks and how to perform them from
the command line.

/CLI

Compiling Server Status Widget on Kubuntu 12.04

Recently I found a cool little widget for KDE4 called Server Status. It allows you to monitor systems, servers, or anything else with an IP address or hostname. I had some issues getting it to compile under Kubuntu 12.04 so I thought I'd leave some documentation here in case anyone else runs into the same issues I did.

Here are the steps to get it compiled and working:

git clone git://gitorious.org/serverstatuswidget/serverstatuswidget.git

cd /serverstatuswidget

sudo apt-get install build-essential libqt4-core qt4-qmake libqt4-dev libqt4-gui kdelibs5-dev

cmake -DCMAKE_INSTALL_PREFIX=$(kde4-config --prefix)

sudo make

sudo make install 

kbuildsycoca4

Disabling vsync on Intel Integrated HD graphics with driconf

First install driconf:

sudo apt-get install driconf

Then run driconf from a shell, enable Expert Mode, and set the synchronize with vertical refresh to Never. Then under Image Quality settings enable  S3TC. Hit save.

Then add the following to your ~/.drirc:

      <device screen="0" driver="dri2">
          <application name="Default">
              <option name="vblank_mode" value="0" />
          </application>
      </device>

Your drirc should look like the following when you're done:

<driconf>
      <device screen="0" driver="dri2">
          <application name="Default">
              <option name="vblank_mode" value="0" />
          </application>
      </device>
      <device screen="0" driver="i965">
          <application name="Default">
              <option name="force_s3tc_enable" value="true" />
              <option name="no_rast" value="false" />
              <option name="always_flush_cache" value="false" />
              <option name="stub_occlusion_query" value="false" />
              <option name="always_flush_batch" value="false" />
              <option name="bo_reuse" value="1" />
              <option name="texture_tiling" value="true" />
              <option name="early_z" value="false" />
              <option name="allow_large_textures" value="2" />
              <option name="fragment_shader" value="false" />
          </application>
      </device>
</driconf>

To test if it worked run glxgears and you should see your FPS in the thousands, way above your monitors refresh rate:

16233 frames in 5.0 seconds = 3246.366 FPS
17469 frames in 5.0 seconds = 3493.649 FPS

Installing the Intel HD integrated graphics drivers on Linux

To get the Intel HD x000 drivers working in Linux do the following:

sudo apt-add-repository ppa:glasen/intel-driver

sudo apt-get update && sudo apt-get upgrade

sudo apt-get install xserver-xorg-video-intel

sudo init 6

 

I am using Kubuntu 12.04 x64 but any Ubuntu derivative should work.

Get your public IP from the win32 command-line

Sometimes it's beneficial to be able to retrieve your public routable IP address via the command line so that you can use it in scripts. Using only native tools in Windows this is not possible. I do have an old script that uses a hybrid batch and VBScript solution that uses telnet to connect to a PHP script that dumps back the REMOTE_ADDR super global, but it was clunky and didn't always work reliably. Below is a hybrid batch and powershell script that can do it. Of course this could be done with only powershell, but I wrote it this way so I could use it in both powershell and batch scripts.

Here is the code:

@echo off

powershell -encodedcommand KABuAGUAdwAtAG8AYgBqAGUAYwB0ACAAcwB5AHMAdABlAG0ALgBuAGUAdAAuAHcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AYwBoAGUAYwBrAGkAcAAuAGEAbAB0AGUAcgB2AGkAcwB0AGEALgBvAHIAZwAvAGkAcAAuAHAAaABwACIAKQA=

Here is the decoded base64 powershell code:

(new-object system.net.webclient).downloadstring("http://checkip.altervista.org/ip.php")

Getting Shrew Soft VPN Client Working on Ubuntu 11.10

I recently built a new pfSense router for my home lab. After getting everything up and running I set up an IPSec VPN so I could get secure access to my home lab from where ever I may be. Having never setup an IPSec VPN before, I wasn't sure which client people used. I searched Synaptic for "ipsec" and found one called Shrew Soft VPN Client. After Googling around a little more, I found that, that was a pretty commonly used client for IPSec VPN connections. I installed it via Synaptic, filled in all my settings and hit the connect button. Below was the output:


config loaded for site mysite
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
ipcomp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
negotiation timout occurred
tunnel disabled
detached from key daemon ...



After trying to connect a few times, and rechecking my settings on my pfSense box, I decided to Google around alternative clients. I tried using one called OpenSwan, and another called StrongSwan, that were both plugins for NetworkManager. Neither of them worked, so I was back to square one.

To make this work on Ubuntu 11.10 you need to use an older version, version 2.15 to be exact. To install it, do the following:

For x86 systems:

# wget http://mirror.pnl.gov/ubuntu//pool/universe/o/openssl098/libssl0.9.8_0.9.8o-7ubuntu1_i386.deb

# wget http://mirror.pnl.gov/ubuntu//pool/universe/i/ike/ike-qtgui_2.1.5+dfsg-2_i386.deb

# wget http://mirror.pnl.gov/ubuntu//pool/universe/i/ike/ike_2.1.5+dfsg-2_i386.deb

# dpkg -i *.deb


For x64 systems:

# wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-5ubuntu1.2_amd64.deb

# wget http://mirror.pnl.gov/ubuntu//pool/universe/i/ike/ike-qtgui_2.1.5+dfsg-2_amd64.deb

# wget http://mirror.pnl.gov/ubuntu//pool/universe/i/ike/ike_2.1.5+dfsg-2_amd64.deb

# dpkg -i *.deb

You can find it in your Internet menu.

dcprom0

CMD Shell tricks

Recently there was a post on the alt.msdos.batch.nt news group where someone needed to get an IP address into a variable. Sounds easy enough, but the problem he was having was that he couldn't use typical parsing with the findstr command because the language settings were not consistent between systems.

The easiest way to get your local IP address into a variable is like this:

# for /f "tokens=2 delims=[]:" %i in ('ping -n 1 -4 %computername% ^| findstr /i "pinging"') do set ip=%i& echo %ip%


This works fine most of the time, but what if you have multiple interfaces on your system? Consider this:



# for /f "tokens=2 delims=[]:" %i in ('ping -4 -n 1 %computername% ^| findstr /i
"pinging"') do set ip=%i& echo %ip%
169.254.238.27


#


What is that address? That's an APIPA address that Microsoft so graciously provided us in case we were unable to receive an IP address from a DHCP server. This isn't our actual IP address that we are using on the LAN, so this isn't the output we want.

Going back to our original problem, the findstr /i "pinging" won't work because the language was different. So, we need another way to determine this, while also maintaining backwards compatibility with older systems such as Windows 9x systems. Here is my solution to the problem:



# for /f "tokens=3 delims=:" %i in ('arp -a ^| findstr /n /l ":" ^| find "2:"')
do @for /f %z in ('echo %i') do @set ip=%z


#echo %ip%
172.16.2.13


#