Monday, September 25, 2017

Concise ShadowGroup Powershell Scripts

sync icon

The definition of a shadowgroup is simply the synchronization of members in an Active Directory OU with the members of an Active Directory Group.

Thanks goes to David K. Sutton for his post at

One caveat of his concise script was that Get-ADGroupMember, by default, has a limit of 5000 objects returned. Other internet sources reported an easy workaround by using the member property of the get-adgroup cmdlet.

So I present to you modified versions of a concise ShadowGroup powershell script. One no-frills version, and another with email support.

Written mostly StackEdit.

Thursday, August 10, 2017

ESXi boot slow/stalled/stuck at "iscsi_vmk loaded successfully"


Problem: ESXi boot slow/stalled/stuck at “iscsi_vmk loaded successfully”

Cause: Unfortunately this is normal due to:
  • Dynamic Discovery.
  • Software iSCSI Adapter LoginTimeout=XX causes XX second timeout for each Dynamic discovery.
Solution 1: Leave it alone !!
Solution 2: Reduce LoginTimeout (Dell recommends LoginTimeout=60)
Solution 3: Make it all static.
Written with StackEdit.

Monday, June 12, 2017

GPO Map Drive Login Script not working


Problem: Active Directory Group Policy Logon Script to Map Drive fails to execute when applied to specified A.D. Group.

Likely Cause: The GPO “Security Filtering” must also include computers, not just the Groups.

Solution: Set the “Security Filtering” to include “Domain Computers” as well as the desired user groups.

Written with StackEdit.

Thursday, June 8, 2017

RHEL7 CentOS7 chroot-named

enter image description here

Recently, I replaced two old RHEL5 DNS BIND (named) servers to RHEL7. Essentially, I took the easy route and used WebMin config backups to setup the new servers. However, i did come across some easily resolvable issues.

Problem: I want to replace named with chroot-named


yum -y install bind-chroot

systemctl stop named
systemctl disable named

/usr/libexec/ /var/named/chroot on
mkdir /var/named/chroot/var/named/data
chown named:named /var/named/chroot/var/named/data

systemctl enable named-chroot
systemctl start named-chroot

Problem: Job for named-chroot.service failed because the control process exited with error code.

Solution: you need to mkdir/chown data directory as described above.

You can get additional service status info with journalctl -xe -u named-chroot

Problem: zones aren’t being transferred or files are access-denied (as seen with with the above journalctl command )


#DNS1 (optional?)
scp -p /var/named/chroot/var/named/*.{rev,hosts} root@DNS2:/var/named/chroot/var/named/slaves/

chown -R root:named /var/named/chroot/var/named/slaves/
chmod 770 /var/named/chroot/var/named/slaves/
chmod 660 /var/named/chroot/var/named/slaves/*


Written with StackEdit.

Thursday, June 1, 2017

MS Edge? NO THANKS!!!!!

Somehow, recently while using Firefox on Debian, a websearch produced an MS page with a banner-nag... WTF?

Thursday, May 18, 2017

Thursday, May 4, 2017

Win10 Sucks | Win10 Repair | How to exit Rage-Mode

list of necessity:

ctrl-shift right-click taskbar item for "Restore, Move, Size, Min, Max"

ctrl-shift left-click taskbar pinned item to runAs Admin

create Show Desktop shortcut with:
%windir%\explorer.exe shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

create Logoff Shortcut with:
or alternatively: C:\Windows\System32\shutdown.exe /L


Monday, May 1, 2017

bash if shift-key pressed


I had to write a custom bash launch script for a local machine, but wanted it to do one thing if the shift-key was pressed and another thing if it was not.

After searching, i found that bash is NOT capable of such a thing. However, there was a short and simpe C implementation found here:

So after compiling the code (gcc shift_state.c -o shift_state ; chmod +x shift_state) and explicitly running it under sudo (required to access /dev/console), i found it did exactly what was needed.

So the only problem remaining was i didn’t want to run my bash script with sudo. To circumvent such, i ran sudo visudo and added the line myusername ALL=(ALL) NOPASSWD: /home/myusername/scripts/shift_state which would allow me to run sudo ~/scripts/shift_state without entering my password.

Subsequently, it was easy to implement a bash script as needed.


But wait, there's more!

Such could also be used to customize your XFCE Panel-based launch-bar. (Or any launch-bar for that matter.) For instance, In the past, I've created a panel item for Sublimetext. This is a "Launcher" item with two sublimetext commands, one launches and another launches with the -n parameter for a new window. However, it looks ugly and a bit cumbersome to launch:

With the shift_state method, I have replaced the Launcher commands with a single command: bash -c "if ! (( $(sudo ~/scripts/shift_state) )) ; then /opt/sublime_text/sublime_text %F ; else /opt/sublime_text/sublime_text -n %F ; fi". Now it looks better without a secondary command-arrow, and when I shift-click to launch, it provides me the same function in a quicker workflow way.


As Always, Good Luck! You can thank me with bitcoin.   

Written with StackEdit.

Friday, April 28, 2017

Replace/Supplant/Overwrite Hamachi with ZeroTier-One


Wait there just one moment -- you mean to tell me I never posted about replacing Hamachi for something in “orders of magnitude” better?!!? How absurd of me.

Purge that crippled software with ZeroTier-One immediately! ZeroTier is cross-platform and even works on my obsolete Synology 410j. Forget Hamachi FOREVER!

Free Versions of Hamachi ZeroTier-One
Nodes per network 5 100
Bandwidth Low High
Dropped Connection Often Rare †
IP Assignment Auto-assigned Auto-assigned or Static
IPv4 Subnets 25.*.*.* 10.147.17.* 10.147.18.* 10.147.19.* 10.147.20.* 10.144.*.* 10.241.*.* 10.242.*.* 10.243.*.* 10.244.*.* 172.22.*.* 172.23.*.* 172.24.*.* 172.25.*.* 172.26.*.* 172.27.*.* 172.28.*.* 172.29.*.* 172.30.*.* 192.168.191.* 192.168.192.* 192.168.193.* 192.168.194.* 192.168.195.* 192.168.196.*
IPv6 yes RFC4193 (/128) & 6PLANE (/80)
Traffic Filtering Client Firewall Custom traffic and protocol (“Flow”) rules with v1.2.x
SourceCode Closed Source Open Source and freedom loving
Free Support Forums; but often goes unanswered Support button on website, Knowledge-Base, and Forums; Super responsive

† The only time my connection dropped, was when ZeroTier versioned from 1.1.4 to 1.2.x and a couple of my clients had to be re-authorized & re-IP’d via WebUI. Doing so put them back online without touching the clients. Now that’s cool.

I'm syncing files over my ZeroTier VPN now.  You could consider replacing DropBox and BTSync with SyncThing. See my previous post for a quick and dirty install.

Other cross-platform Hamachi alternatives that I have not tried (because ZeroTier-One just works!) :
- SoftEther VPN
- tinc vpn
- FreeLAN
- NeoRouter Free (as opposed to the Mesh and Pro versions)


meanwhile back at the batlab
$ sudo aptitude purge logmein-hamachi
The following packages will be REMOVED:
0 packages upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 2,867 kB will be freed.
Do you want to continue? [Y/n/?] YYYYYYY
(Reading database ... 105225 files and directories currently installed.)
Removing logmein-hamachi ( ...
Stopping LogMeIn Hamachi VPN tunneling engine logmein-hamachi *
Removing any system startup links for /etc/init.d/logmein-hamachi ...
Purging configuration files for logmein-hamachi ( ...

Current status: 5796 new [-1].
$ echo "joy"
Partially written with StackEdit.

Wednesday, April 26, 2017

ghetto bash-prompt git-status

There are tons of awesome and beautiful bash-prompt and zsh-prompt git-status scripts out there.

You can find stuff like this for zsh and bash:

But this is NOT that.

I’m not a heavy developer, i just wanted something quick and easy. Enter my “ghetto bash-prompt git-status”

This will NOT change your existing prompt, it simply executes as the last instruction before your prompt is displayed.

If you want something better, look into:


VMWare PowerCLI 6.5.1 now easily installed via PowerShellGet


VMWare PowerCLI 6.5.1 now easily installed via PowerShellGet!

PS> Find-Module "VMWare.*" | Install-Module -AllowClobber -Verbose

That’s it! …However, You may also need to update occasionally:

PS> Find-Module "VMWare.*" | Update-Module -Verbose

Your scripts may begin with Import-Module VMware.VimAutomation.Core

Separately, you may update all your powershell help files with Update-Help

See the vmware blog for more info, including installing under an administrator account for an "AllUsers" install: i.e. [...] -Scope AllUsers


Published with StackEdit. Written with SublimeText

Tuesday, April 25, 2017



Previously working, but now
Address already in use: AH00072: make_sock: could not bind to address

Probable Cause:
Any two or more .conf files have Listen 443 or <VirtualHost _default_:443> in them.

Tentative Solution:
Edit your /etc/httpd/httpd.conf or other /etc/httpd/conf.d/*.conf files making sure you don’t have two files requesting port 443. It seems recent Apache versions are more strict and will fail to run, whereas older versions did not complain. Technically, I just the renamed /etc/httpd/conf.d/ssl.conf to /etc/httpd/conf.d/ssl.conf.OFF so that my actual /etc/httpd/conf.d/live_ssl.conf file was used.

Written with StackEdit. Icon via FindIcons.

Thursday, April 20, 2017

a stop job is running for ifup | NetworkManager


a stop job is running for ifup
a stop job is running for NetworkManager

Debian Jessie and jessie-backports systemd versions 2.15 and 2.30 respectively have a small bug that stalls shutdown.

Tentative Solution: (i.e. unofficial; your mileage may vary)
edit /etc/systemd/system/, replacing

ExecStop=/sbin/ifdown -a --read-environment


ExecStop=/sbin/ifdown -a --read-environment --force --ignore-errors

and also





Written with StackEdit. Icons via IconFinder

Wednesday, April 19, 2017

font icons displaying as squares in conky


FontAwesome and other font-based icons showing as squares in conky.

conky <= v1.9 : override_utf8_locale yes
conky >=v1.10.x : override_utf8_locale = true,
Written with StackEdit.

Tuesday, March 28, 2017

install docker in debian jessie without unnecessary cgroupsfs-mount, mountall, and plymouth dependencies


Install docker on your debian jessie workstation without unnecessary cgroupsfs-mount, mountall, and plymouth recommended dependencies.


Prerequisite: jessie-backports. Configure jessie-backports or the riskier unstable “sid” repositories before proceeding.

sudo aptitude install aufs-tools libnih-dbus1 libnih1 makedev git
sudo aptitude install -t jessie-backports --without-recommends

This should work, but be aware aptitude show shows these are required also:

Depends: adduser, iptables, init-system-helpers (>= 1.18~), perl, libapparmor1 (>= 2.6~devel),
 libc6 (>= 2.14), libdevmapper1.02.1 (>= 2:1.02.90), libsqlite3-0 (>= 3.5.9)

Now add your user account to the docker group; otherwise you will receive the error “permission denied. Are you trying to connect to a TLS-enabled daemon without TLS?”

sudo gpasswd -a $USER docker ( same as sudo usermod -a -G docker $USER)

Logout and re-login. Potentially, you could also exec su -l $USER

Now start docker and set it enabled by default.

sudo systemctl enable docker
sudo systemctl start docker

Now install your preferred containers

docker pull vmware/powerclicore

~ ~ ~
Edited with SublimeText & PackageControl
Published with

Docker : "permission denied. Are you trying to connect to a TLS-enabled daemon without TLS?"


Docker : “permission denied. Are you trying to connect to a TLS-enabled daemon without TLS?”, when docker pull

solution: add username to group docker, logout and relogin ; make certain the service is running

sudo groupadd docker
sudo gpasswd -a $USER docker (same as sudo usermod -a -G docker $USER)

Logout and re-login. Potentially, you could also exec su -l $USER

sudo cystemctl start docker
sudo cystemctl enable docker #if you want it enabled by default

~ ~ ~
Edited with SublimeText & PackageControl
Published with

Monday, March 27, 2017

persistent powershell commandline history


Persistent PowerShell CommandLine History

via (&

Win10 install module:
Install-Module PSReadline

edit* system’s powershell profile:
notepad c:\windows\system32\WindowsPowerShell\v1.0\profile.ps1

to the end of the file, add:
Import-Module PSReadline

restart powershell

*(never use notepad, use + instead)

Friday, February 10, 2017

PDF editing in linux

Linux users probably already know all the PDF tools available from their respective repositories.  Tools like pdfchain, pdfconcat, pdfgrep, pdfcrop, pdfimages, and pdfseparate seem to be the most useful commandline utilities.

However, i also use a GUI PDF editor that is typically not available via repositories.  I have found this product to be invaluable and well worth mention.

Please visit to make use of this extraordinary free tool.

It includes all the functions needed to graphically modify, highlight, or annotate PDFs.  One of the most difficult things to do to PDFs in linux is to edit text.  Be assured, Master PDF Editor will allow you to do such.

Thursday, January 12, 2017