joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

4/27/2007

Public Restrooms

by @ 12:28 pm. Filed under rants

What is it with public restrooms and how they draw in disgusting disrespectful people?

This seems to be an issue of staggering proportions. Anymore, you are surprised if you walk into a lavatory and it actually is really clean. In some cases, certainly we can blame the facilities management who maintain the lavatory, but mostly I think we can look squarely at the folks who have no respect for others and just destroy the bathrooms.

Seriously… has anyone every gotten a date from a stall posting of “For a good time, call Steven at xxx-yyyy”? And to be quite honest, I don’t care if John is larger than Bob who is larger than Seth or is larger than Jimmy or that Frank can make all your dreams come true or that Sue is a Ho. Of course you also have the plethora of examples of amateur art, one wonders if the artist has so little experience that he/she believes that is how things really look or they are just a horrendously bad artist. For any aspiring Picasso’s out there, I hate to burst your bubble, but I am not aware of any critically acclaimed bathroom stall art nor any world renowned artists who started with the blank canvas of the back  of a stall door.

Stall art though is just the beginning, if you have to be disrespectful, I prefer that over the other worse things that occur. Some of these bathrooms get so bad I can’t understand how even the people who are disrespectful can bring themselves to use them. I mean seriously, do you think, well I will never be here again, let me just make it as disgusting here as I possibly can. Let me pick my nose and wipe the prizes all over the walls and the door? Let me urinate all over the seat the floor and even the toilet paper on the roll or even worse.

This is positively disgusting and revolting and disrespectful and honestly, I wouldn’t have a problem with someone who partakes in these actions dropping off the face of the earth. What other areas are they causing issues in with this rampant disrespect for other humans. Do they do this crap at home too? If they do they may be trying to bring back the plague, they should be dispatched from this plane of existence with the swiftest possible speed.

I don’t see many solutions for this problem. I mean if people are going to be disgusting pigs, how do you stop that? Someone thinks, “why certainly most other people want to have access to my bodily fluids or my incredible brilliance that is only fit for the wall next to a toilet…”. How do you stop them?

Thoughts in my head on this matter…

1. If you are one of these people, STOP IT YOU DISGUSTING PIECE OF TRASH.

2. If you know someone who does this or see someone who does this, tell them to stop being disgusting. Do you want them doing that in your bathroom?

3. Maybe we should make the penalties for doing something like this to be extremely high, even ridiculously high for the issue, so that people at least think about it. Then obviously we have to find some way to enforce it, you can’t have policy and penalties without some form of enforcement. Enforcing itself will be difficult, do you have someone checking everyone out of every stall? Do you put cameras in the stalls? Maybe another solution is that you have to have some form of electronic/biometric authentication to get into public/shared facilities that you have to use to get access to a stall or restroom. Then if on later inspection that stall is messed up, you have a list of people to go have a chat with. These are all expensive and ultimately people are going to bitch about privacy reasons. The last one though should be feasible but still enforcement will be difficult but the combination of insanely highly penalties coupled with a possibility of identifying the disgusting non-human should help reduce the issue.

4. We could ignore the solving of the issue and just go after the result. Set the stalls up so that they self clean. The stall is designed to be blasted with a high pressure bleach wash and once per hour every stall is just nailed with the cleanup spray. The result is that ink won’t stick to the walls and all of the disgusting by products of nasty human scum gets washed away. As I think about it, this could slow down the people causing this issue as well. If their works of art (both on the walls and on the floor) will be gone in less than 60 minutes, maybe they won’t feel it is worth going through the effort…

 

Me… I would use the cameras and post the pictures of the people in the act of being disrespectful and post them everywhere so everyone will understand what nasty people they are. We do that with the customers of prostitutes though I don’t see a problem with that whole industry – anymore I am seeing less and less difference between a prostitute and someone who marries a person and then divorces them and tries to clean them out financially. Anyway… Why don’t we actually use that mechanism for something that would be truly helpful to the human race – clean sanitary rest room conditions.

 

   joe 

Rating 3.00 out of 5

4/26/2007

Longhorn Beta 3 now available

by @ 3:42 pm. Filed under tech

This is getting shouted from the rooftops but Longhorn Beta 3 is now available to be downloaded from Connect. I highly recommend anyone who uses Windows Servers to download and run this so they can

a. Learn about the new stuff which is a lot

b. Find bugs and report them so you don’t have to report them after the product ships.

Rating 3.00 out of 5

Sucks to be me…

by @ 3:41 pm. Filed under humour

I didn’t even know I had a support team…

 

From: service@joeware.net [mailto:service@joeware.net]
Sent: Thursday, April 26, 2007 4:22 PM
To: joe@joeware.net
Subject: MEMBERS SUPPORT

Dear Joeware Member,
We have temporarily suspended your email account joe@joeware.net.
This might be due to either of the following reasons:

1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.

See the details to reactivate your Joeware account.

Sincerely,The Joeware Support Team

+++ Attachment: No Virus (Clean)
+++ Joeware Antivirus – www.joeware.net

Rating 3.00 out of 5

4/20/2007

Out of Home AutoReply: <insert your subject here>

by @ 10:37 pm. Filed under general

I am out of the home starting tomorrow (Saturday April 21) for most of this coming week. Any emails you send me may or may not be responded to until after I return some time after that – maybe a long time after that if it is an exceptionally annoying email. 🙂 

If you have something extremely important you need to tell me then you better hop on a plane and start rooting around the lovely Casino Resort I am staying at because otherwise you are SOL. Oh and just to make it fun, I won’t spend all of my time there, I intend to poke around Las Vegas a bit and maybe take in a show or two and generally enjoy myself. Maybe Criss Angel or Penn and Teller, that would rock.

If you prefer my work OOO message, it is

I am at the 2007 Directory Experts Conference discussing technology with other Directory Experts for the next week. If you need me, you can find me there. 🙂

Expect poor to no response to any emails / phone messages / carrier pigeons / smoke signals sent my way until I return around Monday April 30.

Of course the April 30th date is incredibly optimistic but if I put anything later down someone somewhere I am sure would have to find some reason to complain. 😉

 

So anyway… I will be in Las Vegas attending the world famous/infamous Directory Experts Conference 2007 put on by our friends at NetPro. I keep saying this but I mean it, if you need to get info on AD this is a really good conference to attend. If you are responsible for AD in your company, it is probably worth you going. Even if only for the intersession chatter and to throw fruits and vegetables at some of the presenters (Deji I promise to bring in nothing larger than an orange this time… But I am coming to your presentation and some form of fruit will likely be involved). This is a great place to go because you have people like me who write free tools listening to everyone’s problems and coming up with ideas for new tools or things to add to already existing tools and you have a multitude of vendors there listening as well and willing to build tools that they can sell to you. They much rather know up front what people want than try to guess.

Many folks are afraid to go to a conference like this because they see it is put on by vendors and this is because they think it is a big sales drive and you will be locked in a room and forced to listen to the vendors shove their benefits down your throat. This really isn’t the case, it isn’t a time share in the mountains of Colorado or the lush palms of Florida. To be honest, this is my 4th or 5th DEC and I have yet to have seen one of the presentations of the vendors. I am sure in many cases they prefer I stay OUT of their presentations, I ask all of the wrong questions. Instead I have literally had hours upon hours of amazing conversations and seen some spectacular presentations. The vendors are there to talk to you if you want to or you have specific problems you want to see if they can solve, but it is entirely up to you.

Something else that some people are concerned about and I admit a couple of years ago when Gil and Christine mentioned that they were thinking about Vegas for the 2006 conference I was concerned about was the whole, well there go the attendees, who wants to sit in a room listening to Princess talk about Longhorn features when you have gambling, booze, and otherworldly beautiful scantily glad girls running around in the casinos. Boy was I shocked at the 2006 DEC, very few people drifted off to the various vices during the sessions or during the social gatherings.

To wrap this up, for Active Directory people, there really is no better conference to attend. You will not get this much focus or this much quality from TechEd or Windows Connections or any of those other conferences. Plus you won’t get the same personal experience, those other conferences are too big, DEC has a very friendly everyone knows your name quality to it. I can generally make one to two conferences a year because that is about all I can pull off in the company I work for and even that is a stretch… The first is a no-brainer, that is the Windows MVP Summit. I get to sit down and talk to the folks writing the stuff I love to use plus MSFT pays for everything but airfare. I will go to the summit regardless of whether work says I can or not – it would literally be criminally stupid of me not to attend that given the benefits versus investment. The second is also a no-brainer, it is DEC and it is because again, that has the best collection of Active Directory Expertise in one place at one time.

   joe

Rating 3.00 out of 5

GPOs != AD and AD != GPOs

by @ 9:56 pm. Filed under tech

GPOs are not AD, AD is not GPOs.

GPOs are an application that utilize AD, say like Exchange. AD really doesn’t need GPOs but GPOs absolutely can’t without AD because that is where all of the information is. It is sort of like the relationship between AD and ESE… ESE doesn’t need AD but AD sure would be in a lot of trouble without ESE.

The GPO client has to look things up in AD and it finds out from AD what text files to pull out of sysvol to apply. That’s the connection, period, have a nice day.

This also means that just because you are an AD Expert it doesn’t mean you are a GPO expert and if you are a GPO expert it doesn’t mean you are an AD expert. Just like being an AD expert doesn’t make you an Exchange expert and being an Exchange expert doesn’t make you an AD expert. Some of us AD folks look at GPOs with disgust, I won’t mention Exchange other than “its special”. A big reason for this is because people treat GPOs (and Exchange for that matter) like a hammer and then solve all problems as if they are nails by using GPOs (or Exchange apps) to try and solve the problems. Me, I like a simple set of GPOs, 12 per domain setting basic security settings for a series of base platform configurations (from open developer to kiosk) for say a Fortune 5 company sounds about right for me with a sysvol at about 2MB tops. No I don’t like delivering Office and every other damn app under the sun with GPOs, I look for software delivery tools for delivering software – call me crazy.

Another big reason I don’t like GPOs is because they screw with people’s ability to logon. You get some rocket scientist looking to solve the world’s problems in a GPO and you get a user whose logon time is measured in cups of coffee and the help desk ticket comes in saying someone can’t log on and it isn’t that they can’t log on… it is because someone who should have been smacked made GPOs do far more than they likely should be doing.

Don’t get me wrong, GPOs can do some cool things and it appears to be getting even cooler with Longhorn, but it isn’t the right tool for all of the jobs people try to force it into.

I guess if there was a nice little popup that showed up on workstations AFTER a user authenticated and was truly logged in that said, “You are officially logged in fine, anything after this that screws up is not a logon problem but something else so complain to the appropriate people.”. If they had that, it would pop up within milliseconds of you entering your password in most cases. In large orgs, GPO support and logon script support is usually handled by the client group, logon support is handled by the Domain Admins and the Domain Admins don’t care what happens on your client after those first few milliseconds after you enter your password.

  joe

Rating 3.00 out of 5

Source code availability for joeware utilities

by @ 9:40 pm. Filed under tech

I get a lot of questions regarding the availability of source code for my joeware utilities. I am not sure why, I thought I have been pretty clear on the web pages for the tools:

Source Code Availability

          None

I think that is clear. I tried to keep it simple and concise. Despite this clarity I get at least 3-4 emails a week asking for source code. On some special days, like the last two, I get flooded with 10+ requests in a day. It is like people think, “Well he means it isn’t available to anyone but me…” No I mean you too. Seriously. No.

I especially like it when say one out of every five or so will then tell me about, or worse, lecture me about Open/Shared Source and how it is such a great thing and how I should embrace it and blah blah blah blah. I had no less than four email conversations with four different people this week all telling me that after I said no. Like I haven’t heard of open source I guess… One guy was so so ok with how he presented it but the other three were outright annoying and whiney. To all of them I finally asked, well hey, if this Shared Projects / Open Source is so great, how about you point me to some of the projects you have personally contributed to so I can check out how much value you add to the whole thing? Guess how many responses I got back? Well I will tell you that will be the first thing I say now to anyone asking for my source code. Not that that will change anything, the guys who write WireShark could ask for joeware source and even though I like WireShark and I think they do a great job, I am still not sharing the source code. Their decision to share their source has no bearing on my decision to not share it.

Why not you ask? Because I found it to be a painful thing to do and quite frankly, I don’t see a reason to supply the leeches and companies with shitty coders with my code. I did it a long time ago and received emails for years when idiots with compilers who thought they were programmers (versus just idiots with compilers) tried to modify the code to do other things and broke it – including people who turned my freely available source into programs they sold to others. They would ask me why the program didn’t work in a certain case without telling me they had modified it and I would do free troubleshooting for them. Not one single good thing came to me for publishing source code openly for others but I did feel pain and received considerable nastiness when I refused to help so you can imagine how often I will do it in the future.

   joe

Rating 3.00 out of 5

4/18/2007

Update on Super Fast Virtual Mofo SFVM…

by @ 10:51 pm. Filed under general

A while ago I mentioned buying the parts and putting together SFVM – http://blog.joeware.net/2007/02/17/808/

I have received lots of emails and quite a few comments posted on an update… So here it goes.

First I apologize for the delay, I have been immensely swamped, I keep saying that but that is only because it is keeps being true. 🙂

First off, let me say it wasn’t a flawless implementation. Lots of fun issues.

Issue #1 Bad hard drives. I ordered 12 x 500GB Western Digital drives. I love these drives, I have them in all of my machines throughout my house, I have several Terabytes online in the house and it is all on these drives. However three of the drives were not functioning properly when I received them. They “worked” but they were very slow and the RAID controller didn’t like them one bit. I sent the drives back, got new ones delivered and they were fine.

Issue #2 Bad RAID Card. Well really it was probably a poor quality card with poor x64 drivers, I expect they all worked the same. The boot sequence was extremely slow with the card and the driver kept getting “dorked up” and forcing rebuilds. Obviously this isn’t a good position when you are looking for good throughput. I sent the card back and in its place ordered a nice shiny new Adaptec 2820SA (2169900-R). The things I liked about this new card besides it having a solid driver and much better boot times were that it didn’t use proprietary cables and it was MUCH faster overall than the last RAID card.

Issue #3 This one took me a while to work out but I had some bad memory. I realized that once the machine was really loaded up cooking along and available Physical Memory dropped below about 500MB (from the 8GB it is loaded with) and the machine would then get a little flakey and odd errors would get thrown in the VMs. So I took SFVM offline and ran memory tests for 3 days with the Microsoft Memory Diags and found no errors. I fired it back up and it still ran into issues when I forced it into a corner with its available physical memory. So I tried memtest86 and it didn’t find anything. Then on a whim, I downloaded a new version of memtest86 (updated on 2007-01-14) and it immediately found errors in the memory… It popped several thousand errors in the first 5 seconds of testing. Very odd. After an hour of mucking around I narrowed the problem down to one of the 2GB chips. I contacted G.Skill and they said send the chip and its matched partner to them and they would test them and if the memory was indeed bad I would get a replacement. I think it was five days later I had two brand new memory chips. During that time the server ran flawlessly, just ran out of RAM about twice as fast. 😉 I popped the new chips in, let memory tests run overnight and everything came out perfect so fired up the OS and things were good. 🙂 The customer service and the speed of the memory and the lifetime warranty means I will be looking to buy G.Skill again in the future.

 

I am still setting things up on this machine, it isn’t yet what it will eventually be, I would say I am at about 60% setup at the moment which means there could still be quite a bit of change going on.

 

So how did I config the DASD? That is a really popular question. Easy answer. I set up three RAID partitions.

One set of 4 disks are running in a RAID-5 on the onboard Intel RAID. That space is broken broken into C 195GB / D 195GB / E 195GB / F 811GB. C has the OS, D and E have tools, utilities, programs, ISO Images, a downloads folder for everything installed on the machine. F has backups of the virtual machines I really really care about – say like the backup for my virtual Exchange server that handles the mail for joeware.net.

The remaining 8 disks are set up as two RAID-0 stripe sets with 4 disks each, I wanted IOPS – period. Each RAID set has one logical disk and is 1,862GB in size. I load the up the virtuals on one drive or the other and keep a backup of it on the other drive.

Several folks were expecting me to do mirrors all over, I am not a mirror guy on any machines (production or test). If I need IOPS, I run stripe sets. If I need redundancy I run RAID-10/0+1 or RAID-5. The biggest fastest production DCs I have built for Fortune 50+ size companies have all been RAID-10/0+1 the last 3-4 years and RAID-5 prior to that.

Here is a pretty picture:

 

Another popular question has been about overclocking of the processor and the RAM? Did I? Did I not? The RAM I am running at the highest rating voltage specified for the RAM 1.9v. The processor is not currently overclocked. Do I need to overclock? At this point, honestly? No.

What am I doing with it and how busy is it you ask??? The system is running Windows Server 2003 Enterprise x64 R2 SP2 with VMWare Virtual Server 1.0.1. The normal running load on this machine during the week at the moment is ten (10) Windows Server 2003 R2 Virtuals (mixture of x86 and x64) . Of those, 8 are domain controllers hosting some 75,000 or so users, the other two are member servers, one running SQL Server 2005 Enterprise and Active Roles Server (from Quest). The last is simply a machine to run tests from. All of the machines have between 256MB-512MB of RAM assigned. On top of that there are 4 Longhorn B2 Enterprise Servers running as Domain Controllers (one RODC) for various AD tests. All of the Longhorn Servers have 512MB RAM assigned. CPU load ranges from 3% to about 46%. I have about 1.5GB available physical memory. All of the VMs are quite responsive. I have about 8 other virtuals that get fired up and shut down throughout the day depending on what kinds of things I have to test out.

Here is another pretty picture:

I am going to let things run stable for about another month or two to see how the warmer months impact the temps and then I expect I will start playing with amping up the processor a bit if things look ok.

  joe

Rating 3.00 out of 5

CHEER!

by @ 9:40 pm. Filed under general

No more Sanjaya… It was way overdue but thankfully it is over now.

Might as well just get down to the final two… Blake and Jordin head to head.

Jordin is by far the better singer but Blake is hella entertaining.

Rating 3.00 out of 5

4/17/2007

Wow…

by @ 9:57 pm. Filed under general

Now this is a seriously cool seafood place…

http://www.snopes.com/photos/architecture/undersea.asp

Rating 3.00 out of 5

4/15/2007

PSOMgr is done…. I think. :)

by @ 11:56 pm. Filed under tech

I finished V01.00.00 of PSOMgr yesterday. PSOMgr is a command line utility I built to help manage Fine Grain Password Policy Password Settings Objects that are present in Longhorn Server Active Directory. I also set it up to manage Domain Password Policy Settings as well.

If you didn’t read my previous info on FGPP then you can check that out here – http://blog.joeware.net/2007/03/18/828/

The goal was to have it ready for the Directory Experts Conference 2007 for release at the conference during the Longhorn Workshop on Sunday. The conference attendees will receive a special link to download the utility about a week before the general public can download it. That probably isn’t terribly enticing for many because Longhorn is still in beta and won’t be released until at least the end of this year, but don’t forget, PSOMgr can be used for displaying and modifying your domain password policy as well… But if you don’t go to DEC you have to wait a whole week more than you would have to wait if you were at DEC.

Here is sample output showing the current domain policy for both domains in my Longhorn test forest. Note that this will work on any Active Directory forest regardless of OS level of the Active Directory.

F:\Dev\BDSCPP\PSOMgr\Release_Build>psomgr /h lhb2-dc1 /view /dompol /alldoms

PSOMgr V01.00.00cpp Joe Richards (joe@joeware.net) April 2007

Using host: Default-First-Site-Name\LHB2-DC1.lhtest.loc
Retrieving Domain Policy...

Policy Listing
--------------
  Policy #1
    Type               : Domain Policy
    Domain             : lhchild.lhtest.loc
    Policy Precedence  : 2147483647
    DN                 : DC=lhchild,DC=lhtest,DC=loc
    Name               : lhchild
    Canonical Name     : lhchild.lhtest.loc/
    Display Name       : lhchild
    Lockout Threshold  : 0
    Lockout Duration   : 30
    Lockout Observation: 30
    Min Pwd Age        : 1
    Max Pwd Age        : 42
    Min Pwd Length     : 7
    Pwd History        : 24
    Pwd Complexity     : TRUE
    Pwd Reversible     : FALSE

  Policy #2
    Type               : Domain Policy
    Domain             : lhtest.loc
    Policy Precedence  : 2147483647
    DN                 : DC=lhtest,DC=loc
    Name               : lhtest
    Canonical Name     : lhtest.loc/
    Display Name       : lhtest
    Lockout Threshold  : 0
    Lockout Duration   : 30
    Lockout Observation: 30
    Min Pwd Age        : 0
    Max Pwd Age        : 91
    Min Pwd Length     : 7
    Pwd History        : 24
    Pwd Complexity     : TRUE
    Pwd Reversible     : FALSE


The command completed successfully.

 

Here is the usage info for the utility: 

 

PSOMgr V01.00.00cpp Joe Richards (joe@joeware.net) April 2007

-help         Help.
-?            Help.

Usage:
 PSOMgr [switches]

  Switches: (designated by - or /)

           [CONNECTION OPTIONS]
   -h host       Host to use. Defaults to default Domain Controller

           [ACTION OPTIONS]
   -view         View PSOs and/or Domain Policies.
   -rename xxx   Rename PSO to new name xxx. Select PSO to rename with
                 selection criteria below. Best to specify -pso PSO_DN
   -del          Delete PSO. Select PSO to delete with selection criteria
                 below. Best to specifify -pso PSO_DN
   -multidel     Delete multiple PSOs. Select PSOs to delete with selection
                 criteria below.
                   DELETE NOTES:
                     o By default you cannot delete a PSO that has a member
                       assigned to it. Use -override to override.
   -quickstart   Quickstart mode to create several base PSOs automatically.
                 Will generate a copy of the domain policy as a PSO, will
                 also generate a fixed list of additional common PSOs. If you
                 would like to generate copies of the domain policies for
                 every domain in the forest in the specified domain, use the
                 -alldoms switch. This could be useful for domain collapse.
   -effective xxx  Display effective policy information for user xxx. The
                   xxx value could be specified as SAM Name, UPN, or DN.
   -applyto xxx  Apply policy specified with criteria to object specified
                 in xxx, could be SAM Name, UPN, or DN.  
   -unapplyto xxx  Same as -applyto but unapplies.
   -clearapplied Clear all members from PSO assignment. Specify PSO with
                 with selection criteria.
   -applied      Show objects that the PSO is applied to. Specify PSO(s) with
                 selection criteria. Will only show members from the same domain
                 as they are the only ones that will be effective. Format of
                 output:
                    resultantflag[objecttype] DN (SamName | UPN)
                 The resultantflag field could be
                      empty for non-user type objects
                      + if resultant policy is the same as displayed policy.
                      - if resultant policy is different from displayed policy.
   -add xxx      Add PSO with selected attributes in xxx. Specify domain to
                 create PSO in with -domain switch.
                   ADD NOTES:
                     o  Format of xxx is specified below in ADD/MOD NOTES.
                     o  By default if you specify a PSO that matches the policy
                        settings of an existing PSO it will disallow the add
                        operation and let you know what that PSO's DN is.
   -mod xxx      Modify PSO with selected new attributes in xxx. Specify PSO
                 with selection criteria, preferably PSO DN.
                   MOD NOTES:
                     o  Format of xxx is specified below in ADD/MOD NOTES.
   -forreal      Really do any actions that make changes.

   ADD/MOD NOTES:
      The -add and -mod switches are probably the most complex in this
      utility because of the amount of information that can be specified.
      There are 12 pieces of information needed to create a PSO. To keep
      things consistent the same format is used for -mod. The fields are:
        name         - Required for add. Not req'd for mod, will rename PSO.
        displayname  - Not required for add nor mod. Defaults to name.
        precedence   - Precedence of policy, required for add. Lowest wins.
        maxpwdage    - Max password Age in days. Not required, default value.
        minlength    - Min password length. Not required, default value.
        history      - password history count. Not required, default value.
        lo_count     - Lockout Threshold. Not required, default value.
        lo_duration  - Lockout Duration in mins. Not required, default value.
        lo_observe   - Lockout Observation in mins. Not required, default value.
        minpwdage    - Min password Age in days. Not required, default value.
        complexity   - Password complexity (true/false). Not required, default value.
        reversible   - Password reversible (true/false). Not required, default value.

      The default format for specifying the info is a single colon delimited string:
        name:displayname:precedence:maxpwdage:minlength:history:lo_count:
                 lo_duration:lo_observe:minpwdage:complexity:reversible

      To make this simpler, not all values need to be specified this way,
      most of the fields have default values if you want to accept them. If
      you want to find out what the default values are, specify -add with
      the few required attributes but don't specify -forreal and PSOMgr will
      tell you all of the values. There are also 'override' switches to allow
      you to specify specific fields with additional switches. If these
      are used you just have to specify the first 4 fields for an add in
      colon delimited format.
        -lockout threshold:duration:observation
        -pwdage max:min
        -pwdlen minlength
        -pwdhist historycount
        -pwdcomplex (true|false)
        -pwdreverse (true|false)

           [SELECTION CRITERIA OPTIONS]
   -pso [xxx]    Specify a specific PSO with name/displayname xxx or with
                 no specified xxx to view all PSOs.
   -dompol       Specifies Domain Policy.
   -allpwdpols   Specifies both domain policy and PSOs.
   -alldoms      Look at all domains in forest.
   -domain xxx   Policy for Domain xxx.
   -used         Only PSOs that have members applied to them.
   -unused       Only PSOs that do not have members applied to them.

           [AUTHENTICATION OPTIONS]
   -u id         Userid authentication. AD simple bind supports All ID
                 formats and secure bind only supports ID formats 1 and 2.
                 No userid specified indicates anonymous authentication.
                     ID Formats
                     1. domain\userid
                     2. user@domain.com (userPrincipalName)
                     3. cn=user,ou=someou,dc=domain,dc=com (DN)
   -up pwd       Password for specified userid. * indicates to ask for password.
   -simple       Simple Bind

           [OUTPUT OPTIONS]
   -dn           Only display PSO DNs
   -dnprec       For view action, display PSO and precedence only.
   -v            Verbose output, give more info about what is going on.
   -sort xxx     Change sort order output.
                   xxx = precedence - Sort by domain + policy precedence.
                   default sort     - Sort by type + canonicalName.


Examples:

   View Examples

       psomgr /view /dompol
          View domain policy of default domain.

       psomgr /view /pso
          View PSOs in default domain.

       psomgr /view /pso /domain domx
          View PSOs in domain domx.

       psomgr /view /pso /used
          View used PSOs in default domain.

       psomgr /view /pso /unused
          View unused PSOs in default domain.

       psomgr /view /pso test
          View PSO with name,displayname, or admindisplayname of test
          in default domain.

       psomgr /view /allpwdpols
          View all password policies in default domain.

       psomgr /view /pso /alldoms
          View PSOs in all domains in forest.

       psomgr /view /dompol /alldoms
          View domain policies in all domains.

       psomgr /view /allpwdpols /alldoms
          View all password policies in all domains.

       psomgr /view /allpwdpols /alldoms /h serverx
          View all password policies in all domains, use serverx as
           a starting point.

       psomgr /view /allpwdpols /alldoms /h serverx /sort precedence
          View all password policies in all domains, use serverx as
          a starting point and sort by policy precedence.


   Add Examples

       psomgr /add newpso10::1 /lockout 99:99:99 /pwdage 100:100
                 /pwdcomplex TRUE /pwdreverse true /pwdlen 101
          Add PSO newpso10 with precedence of 1 and other specified values.
          Will NOT create since /forreal is not specified.

       psomgr /add newpso10::1 /lockout 99:99:99 /pwdage 100:100
                 /pwdcomplex TRUE /pwdreverse true /pwdlen 101 /forreal
          Add PSO newpso10 with precedence of 1 and other specified values.
          This will really create the PSO.

       psomgr /add testpso-1::1000
          Add PSO newpso-1 with precedence of 1, use defaults for the rest.
          Will NOT create since /forreal is not specified.

       psomgr /add testpso-1::1000 /forreal
          Add PSO newpso-1 with precedence of 1, use defaults for the rest.
          This will really create the PSO.

       psomgr /add testpso-1::1000:100:6:30:50:1:1:0:true:true
          Add PSO newpso-1 with specified values. Will not really create.

       psomgr /add testpso-1::1000:100:6:30:50:1:1:0:true:true /forreal
          Add PSO newpso-1 with specified values. Will create.


   Delete / MultiDelete Examples

       psomgr /del /pso pso-1
          Delete PSO pso-1 in default domain... But not really.

       psomgr /del /pso pso-1 /forreal
          Delete PSO pso-1 in default domain...

       psomgr /multidel /pso /forreal
          Delete all unused PSO's in default domain...

       psomgr /multidel /pso /forreal /override
          Delete all (used and unused) PSO's in default domain...

       psomgr /domain domx /multidel /pso test* /forreal
          Delete all unused PSOs that start with test in domain domx...

   Rename Examples

       psomgr /rename newname-1 /pso oldpsoname /forreal
          Rename oldpsoname to newname1.

   Modification Examples

       psomgr /dompol /mod :::42:7:24:0:30:30:1:true:false /forreal
          Modify domain policy with specified values.

       psomgr /mod /dompol /lockout 50:2:2 /pwdage 91:0 /pwdlen 10 /forreal
          Modify domain policy with specified values.

       psomgr /mod /pso testpol /lockout 50:2:2 /pwdage 91:0 /pwdlen 10 /forreal
          Modify PSO testpol with specified values.

   Quick Start Examples

       psomgr /quickstart
          Quick Start PSOs for default domain. But not for real, just see what
          it would do.

       psomgr /quickstart /forreal
          Quick Start PSOs for default domain.

       psomgr /quickstart /domain domx /forreal
          Quick Start PSOs for domain domx.

       psomgr /quickstart /alldoms /forreal
          Quick Start PSOs for default domain but create PSOs for the password
          policy from every domain.

   Applied Examples

       psomgr /applied /pso
          Show membership applied to every PSO in default domain.

       psomgr /applied /used /pso
          Show membership applied to every used PSO in default domain.

   Clear Applied Examples

       psomgr /clearapplied /pso mypso /forreal
          Clear all members of the PSO mypso.

   Apply To / Unapply To Examples

       psomgr /applyto myuser /pso somepso /forreal
          Add myuser to policy somepso.

       psomgr /unapplyto myuser /pso somepso /forreal
          Remove myuser from policy somepso.

   Effective Examples

       psomgr /effective joeuser
          Show applied policies and the effective policy of joeuser.


 This software is Freeware. Use at your own risk.

 I do not warrant this software to be fit for any purpose or use and
 I do not guarantee that it will not damage or destroy your system. Use of
 this utility signifies acceptance of this warranty and acceptance of all risk.

 See full Warranty documentation on www.joeware.net.

 You ARE licensed the right to use this software on your own systems.
 You explicitly ARE NOT licensed the right to distribute this software. If
 you have a need to license the right to distribute, please email me
 for licensing costs and guidelines.

 If you have improvement ideas, bugs, or just wish to say Hi, I
 receive email 24x7 and read it in a semi-regular timeframe.
 You can usually find me at joe@joeware.net
Rating 3.00 out of 5
« Older Entries
Newer Entries »

[joeware – never stop exploring… :) is proudly powered by WordPress.]