CAPI2 Error & Missing System Writer on Windows 2008

System Writer is missing from the output of vssadmin list writers. The Application Event log is showing Event ID 513 source CAPI2.

Had a hell of a time resolving this issue. Most of the sources point to a permissions issue. However the security log remains error free.
The script below is combines a couple suggested fixes. One of the fixed is from the Microsoft KB article 2009272. Other items were found in various forums.

Either run the script as is or break it down in parts to show the exact issue. Be sure to restart the cryptographic service if not running the script in its entirety.

::  Reset Reg and Dir ACLs 

Takeown /f "%windir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /a

icacls "%windir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /grant "NT AUTHORITY\SYSTEM:(RX)"
icacls "%windir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files"  /grant "NT Service\trustedinstaller:(F)"
icacls "%windir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files"   /grant "BUILTIN\Users:(RX)"
icacls "%windir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /grant "Administratoren:(RX)"

Takeown /f %windir%\System32\DriverStore /a

icacls %windir%\System32\DriverStore /grant "NT AUTHORITY\SYSTEM:(RX)"
icacls %windir%\System32\DriverStore /grant "NT Service\trustedinstaller:(F)"
icacls %windir%\System32\DriverStore /grant "BUILTIN\Users:(RX)"
icacls %windir%\System32\DriverStore /grant "Administratoren:(RX)"

Regini Registry\Machine\System\CurrentControlSet\services [1 5 7 11 14 17 21]
Regini Registry\Machine\Software\Microsoft\WBEM\CIMOM [1 5 7 11 14 17 21]


:: System state backup failed w/ The system writer is not found in the backup
:: kb2009272
:: vssadmin list writers = "System Writer" missing

Takeown /f %windir%\winsxs\temp\PendingRenames /a

icacls %windir%\winsxs\temp\PendingRenames /grant "NT AUTHORITY\SYSTEM:(RX)"
icacls %windir%\winsxs\temp\PendingRenames /grant "NT Service\trustedinstaller:(F)"
icacls %windir%\winsxs\temp\PendingRenames /grant BUILTIN\Users:(RX)

Takeown /f %windir%\winsxs\filemaps\* /a

icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"
icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"
icacls %windir%\winsxs\filemaps\*.* /grant BUILTIN\Users:(RX)


:: Restart the Cryptographic Services

net stop cryptsvc
net start cryptsvc

:: Reset Reg and Dir ACLs

Takeown /f "%windir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /a

icacls "%windir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /grant "NT AUTHORITY\SYSTEM:(RX)"

icacls "%windir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /grant "NT Service\trustedinstaller:(F)"

icacls "%windir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /grant "BUILTIN\Users:(RX)"

icacls "%windir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" /grant "Administratoren:(RX)"

Takeown /f %windir%\System32\DriverStore /a

icacls %windir%\System32\DriverStore /grant "NT AUTHORITY\SYSTEM:(RX)"

icacls %windir%\System32\DriverStore /grant "NT Service\trustedinstaller:(F)"

icacls %windir%\System32\DriverStore /grant "BUILTIN\Users:(RX)"

icacls %windir%\System32\DriverStore /grant "Administratoren:(RX)"

Regini Registry\Machine\System\CurrentControlSet\services [1 5 7 11 14 17 21]

Regini Registry\Machine\Software\Microsoft\WBEM\CIMOM [1 5 7 11 14 17 21]

:: System state backup failed w/ The system writer is not found in the backup

:: kb2009272

:: vssadmin list writers = "System Writer" missing

Takeown /f %windir%\winsxs\temp\PendingRenames /a

icacls %windir%\winsxs\temp\PendingRenames /grant "NT AUTHORITY\SYSTEM:(RX)"

icacls %windir%\winsxs\temp\PendingRenames /grant "NT Service\trustedinstaller:(F)"

icacls %windir%\winsxs\temp\PendingRenames /grant BUILTIN\Users:(RX)

Takeown /f %windir%\winsxs\filemaps\* /a

icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"

icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"

icacls %windir%\winsxs\filemaps\*.* /grant BUILTIN\Users:(RX)

:: Restart the Cryptographic Services

net stop cryptsvc

net start cryptsvc

Andrew Bounds Windows 0 microsoft, vss, Windows 2008

GPU parameters for BOINC on Linux

As of BOINC version 7.0.40, the ability to split GPU across multiple work units has been added.

Preliminary Change Log 7.0.39 –> 7.0.40:

client: add “client app configuration” feature; see http://boinc.berkeley.edu/trac/wiki/ClientAppConfig
This lets users do the following:
1) limit the number of concurrent jobs of a given app (e.g. for WCG apps that are I/O-intensive)
2) Specify the CPU and GPU usage parameters of GPU versions of a given app.

BOINC development versions are found here:
http://boinc.berkeley.edu/download_all.php

Create a new file named app_config.xml in the project directory to make use of the new options.
Details are found under ClientAppConfig of the BOINC wiki.

On Ubuntu the project directory is found:
/var/lib/boinc-client/projects/ProjectName

<app_config>
   <app>
      <name>hcc1</name>
      <max_concurrent>4</max_concurrent>
      <gpu_versions>
          <gpu_usage>.25</gpu_usage>
          <cpu_usage>1</cpu_usage>
      </gpu_versions>
   </app>
</app_config>

<app_config>

<app>

<max_concurrent>4</max_concurrent>

<gpu_versions>

<gpu_usage>.25</gpu_usage>

<cpu_usage>1</cpu_usage>

</gpu_versions>

</app>

</app_config>

name: Short name of the project. Project short names are found in the client_state.xml file.
max_concurrent: This specifies the maximum number of tasks the app can run at a time. Set this to the number of total HCC1 tasks your computer will be doing at a time.
gpu_usage: This specifies the % use of the GPU per task. Set this according to how many tasks you want to run per GPU.
Tasks per GPU = gpu_usage
cpu_usage: This specifies the % use of CPU threads per GPU task. The default value is 1, but if you want to run more GPU tasks than you have CPU cores edit it accordingly.
Total CPU Threads / Total GPU Task = cpu_usage

Andrew Bounds Linux 0 boinc, gpu

Detect .Net version using Internet Explorer

Here is a quick method of getting the .NET versions running on a system.

Past the following text into the Internet Explorer address bar.

javascript:alert(navigator.userAgent)

1	javascript:alert(navigator.userAgent)

Note: Be aware that the userAgent response can be modified.

Andrew Bounds Browsers 0 .NET, Internet Explorer, userAgent

Curses based fullscreen BOINC manager

I have been using BOINC via the World Community Grid project for roughly 8 years.

Do you have a couple boxes running headless or otherwise not running Xorg? If you ever wanted to or had the need there is a Curses based BOINC manager. The project name is Boinctui and is available on google code.

Boinctui source code along with deb and rpm binaries are available for download.

wget http://code.google.com/p/boinctui/downloads/detail?name=boinctui_1.0.0-0_i386.deb
sudo dpkg -i boinctui_1.0.0-0_i386.deb

1 2	wget http://code.google.com/p/boinctui/downloads/detail?name=boinctui_1.0.0-0_i386.deb sudo dpkg -i boinctui_1.0.0-0_i386.deb

Andrew Bounds Linux 0 boinc, cli, curses, Linux

Ipad ad blocking using privoxy

iPad AD blocking using Privoxy

I recently acquired an iPad 2 which I use mostly for surfing the web. I had no idea that you could not use browser extensions.

Assuming you have an extra computer running on your network. One method of blocking ads (on your home network) is to use a web proxy like Privoxy. Privoxy has binaries for Windows, OS X, BSD and Linux.

In the example below we are going to install and setup Privoxy on Ubuntu.

sudo apt-get install privoxy

1	sudo apt-get install privoxy

Edit the configuration file and change the listen-address from 127.0.0.1 to your servers IP address. In the example below we will use 192.168.1.1.

sudo vim /etc/privoxy/config

1	sudo vim /etc/privoxy/config

#  Example:
#
#      Suppose you are running Privoxy on a machine which has the
#      address 192.168.0.1 on your local private network (192.168.0.0)
#      and has another outside connection with a different address. You
#      want it to serve requests from inside only:
#
#        listen-address  192.168.0.1:8118
#
#      Suppose you are running Privoxy on an IPv6-capable machine and
#      you want it to listen on the IPv6 address of the loopback device:
#
#        listen-address [::1]:8118
#
listen-address 192.168.1.1:8118
#
#
#  4.2. toggle
#  ============
#

# Example:

# Suppose you are running Privoxy on a machine which has the

# address 192.168.0.1 on your local private network (192.168.0.0)

# and has another outside connection with a different address. You

# want it to serve requests from inside only:

# listen-address 192.168.0.1:8118

# Suppose you are running Privoxy on an IPv6-capable machine and

# you want it to listen on the IPv6 address of the loopback device:

# listen-address [::1]:8118

listen-address 192.168.1.1:8118

# 4.2. toggle

# ============

Restart Privoxy after editing the config file. Privoxy will now be listening on port 8118 with the default settings.

AdblockPlus lists for Privoxy.

There is a script that will convert the AdblockPlus lists for Privoxy.
http://andrwe.org/scripting/bash/privoxy-blocklist
Development version can be found on Github

Download the script:

wget http://andrwe.org/_export/code/scripting/bash/privoxy-blocklist

1	wget http://andrwe.org/_export/code/scripting/bash/privoxy-blocklist

Make it executable and run:

chmod +x privoxy-blocklist.sh
sudo ./privoxy-blocklist.sh

1 2	chmod +x privoxy-blocklist.sh sudo ./privoxy-blocklist.sh

Verify Privoxy is running and listening on port 8118:

user@privoxy:~$ sudo netstat -anp | grep privoxy
tcp        0      0 192.168.1.1:8118    0.0.0.0:*               LISTEN      15152/privoxy

1 2	user@privoxy:~$ sudo netstat -anp \| grep privoxy tcp 0 0 192.168.1.1:8118 0.0.0.0:* LISTEN 15152/privoxy

Configure the Ipad proxy settings

Tap Settings > General > Network > WiFi.
Modify the network settings for the SSID at the location by pressing on the blue icon with the right arrow in it.
Select “Manual” under “HTTP Proxy”.
For the “server”, type the IP address of the proxy server. For the “Port”, enter your proxy server port (typically 8118 for Privoxy)

Now you up and running AD free.

Andrew Bounds iPad 0 ads, iPad, Privoxy, proxy, ubuntu

Improve Google Reader readability with userstyles.org and Stylish

As with most Google products Reader is utilitarian.

Install the Stylish Google Chrome extension.

Restyle the web with Stylish, a user styles manager. Stylish lets you easily install themes and skins for Google, Facebook,…
User styles are themes for web sites. User styles empower your browsing experience by letting you customize web sites. Take out irrelevant content, change colors, or completely redesign the entire site.

Stylish lets you easily manage user styles. Add, delete, enable, disable, and organize with a few clicks of a mouse, no code to edit, no obscure configuration to find. Stylish’s companion website, userstyles.org, hosts tens of thousands of user styles made by other Stylish users that you can try.

For you technical types out there, think of it this way: Stylish and userstyles.org are to CSS as Greasemonkey and userscripts.org are to JavaScript.

Head on over to Userstyles.org and browse the style collections.

Examples of vanilla vs styled Google Reader:

Vanilla Google Reader

Andrew Bounds Browsers 0 Chrome, CSS, Extension, Google Reader, RSS

gpedit.msc could not create snap-in

When opening gpedit.msc you receive the following error:

MMC could not create the snap-in. The snap-in might not have been installed correctly.

Verify that "%SystemRoot%\System32\Wbem" is in the PATH environment variable.

echo %PATH%

1	echo %PATH%

Add if it is missing and rerun gpedit.msc

Andrew Bounds Windows 0 gpedit, microsoft, mmc

CLI Quick Tip: Recursive File or Directory Permissions

Command to recursively change either file or directory permissions in Bash.

Example of changing directory permissions to 755

sudo find . -type d -exec chmod 755 {} \;

1	sudo find . -type d -exec chmod 755 {} \;

Example of changing file permissions to 666

sudo find . -type f -exec chmod 666 {} \;

1	sudo find . -type f -exec chmod 666 {} \;

Andrew Bounds CLI Quick Tips 0 bash, chmod, cli, Linux

Bash 4 recursive globbing

Bash version 4 introduced a new option called globstar. When the option is set, recursive globbing with ** is enabled.

Lets say you want to move all files from a directory and its subdirectories. Most common method would be to use the find command.

For example, find and move all .mp3 files from the current and all subdirectory to a directory named music.

sudo find . -type f -exec mv *.mp3 /music {} \;

1	sudo find . -type f -exec mv *.mp3 /music {} \;

The can be simplified by enabling the Bash option globstar.

shopt -s globstar

1	shopt -s globstar

p0rkjello@de01u0001:~$ shopt |grep globstar
globstar        on

1 2	p0rkjello@de01u0001:~$ shopt \|grep globstar globstar on

With the BASH globstar setting enabled the command is as simple as:

mv **/*.mp3 /music

1	mv */.mp3 /music

Andrew Bounds Linux 0 bash, globstar, Linux

Solarized colors on Gnome Terminal

Solarized is a beautiful color palette. The palette was designed for readability and comes with both light and dark options.

Solarized is a sixteen color palette (eight monotones, eight accent colors) designed for use with terminal and gui applications. It has several unique properties. I designed this colorscheme with both precise CIELAB lightness relationships and a refined set of hues based on fixed color wheel relationships. It has been tested extensively in real world use on color calibrated displays (as well as uncalibrated/intentionally miscalibrated displays) and in a variety of lighting conditions.

Install git-core on Ubuntu/Deb. Adjust according to your distribution installer.

sudo apt-get install git-core
git clone https://github.com/sigurdga/gnome-terminal-colors-solarized.git

1 2	sudo apt-get install git-core git clone https://github.com/sigurdga/gnome-terminal-colors-solarized.git

Change directory into the downloaded Solarized directory

cd gnome-terminal-colors-solarized

1	cd gnome-terminal-colors-solarized

Run one of the following scripts for either the dark or light color theme.

./set_dark.sh
./set_light.sh

1 2	./set_dark.sh ./set_light.sh

There are Solarized color palettes available for terminals, editors, IDEs etc. Easy to set up and beautiful to look at. I highly recommend checking it out.

Andrew Bounds Linux 0 Gnome Terminal, Linux, Solarize

1 2 3 4 5 6

misc/tech/musings

sysadmin notebook for projects, problems and solutions