edge traffic at the gateway
dirty excuse for an angel
printer password won't reset
don't let this desperate moonlight leave me
13 years ago
Monday, 21 September 2009
Thursday, 3 September 2009
One user enters, one user leaves
subinacl, a wonderbox of command-line ACL power, is part of the Windows Resource Kit.
Here's syntax to transfer one user's access pattern onto another user.
subinacl /subdirectories \\server\departments\accounts\* /replace=ark=gru
This goes through all of the folders in accounts, and replaces ark's SID with gru's SID.
gru now has all the same folder permissions that ark had.
Note: According to the help file (subinacl /help /replace) :
SubInAcl version 5.2.3790.1180
/REPLACE
--------
/replace=DomainName\OldAccount=DomainName\New_Account
replace all ACEs (Audit and Permissions) in the object
Ex: /replace=DOM_MARKETING\ChairMan=NEWDOM\NewChairMan will replace
all ACEs containing DOM_MARKETING\ChairMan with NewChairMan SID
retrieves from NEWDOM domain
Warning: if DomainName\New_Account has already an ACE, ACE replacement is
skipped
Because /replace is supposed to _replace_ ark's SID with gru's, one would expect to find no more references to ark via the Sharing and Security GUI for a folder.
However, in my system, I found that gru now had an entry alongside every one of the ark's entries.
Here's syntax to transfer one user's access pattern onto another user.
subinacl /subdirectories \\server\departments\accounts\* /replace=ark=gru
This goes through all of the folders in accounts, and replaces ark's SID with gru's SID.
gru now has all the same folder permissions that ark had.
Note: According to the help file (subinacl /help /replace) :
SubInAcl version 5.2.3790.1180
/REPLACE
--------
/replace=DomainName\OldAccount=DomainName\New_Account
replace all ACEs (Audit and Permissions) in the object
Ex: /replace=DOM_MARKETING\ChairMan=NEWDOM\NewChairMan will replace
all ACEs containing DOM_MARKETING\ChairMan with NewChairMan SID
retrieves from NEWDOM domain
Warning: if DomainName\New_Account has already an ACE, ACE replacement is
skipped
Because /replace is supposed to _replace_ ark's SID with gru's, one would expect to find no more references to ark via the Sharing and Security GUI for a folder.
However, in my system, I found that gru now had an entry alongside every one of the ark's entries.
Wednesday, 2 September 2009
Friday, 28 August 2009
Thursday, 13 August 2009
Ah! J'understand!
Two cartoons :-
This explains debugging code which has been written with anti-debugging techniques:
http://hackerschool.org/DefconCTF/17/B300.html
This explains how to find a keygen (written in bizarre franglais)
http://pagesperso-orange.fr/l0uk0um/site/dora/fichiers/tutorial.html
This explains debugging code which has been written with anti-debugging techniques:
http://hackerschool.org/DefconCTF/17/B300.html
This explains how to find a keygen (written in bizarre franglais)
http://pagesperso-orange.fr/l0uk0um/site/dora/fichiers/tutorial.html
Monday, 10 August 2009
Creating mixed-mode Exchange/IMAP users
We have a few managers here whose mail needs are a little complicated. They're available to the whole company via Outlook and Exchange for meeting scheduling, but they prefer to use Thunderbirdand IMAP for managing their mail.
(Of course, one can connect to Exchange via IMAP, but we haven't implemented this, purely for reasons of time resources. Back in the day, we started out with courier IMAP, and brought in Exchange a lot later. Smoothly migrating people to the Exchange server would require a lot of individual support hours, and given that the system is fine at the moment, the bang/buck ratio doesn't pan out.)
Here's how to set up a mixed-mode IMAP/Exchange mail user from complete scratch:
The existence of the mailbox will allow the user to manage scheduling with Outlook, and to view Public Folders.
However the email must be redirected to the IMAP account. Here's how:
Now you have a user who can be scheduled via Outlook, but who can use their preferred IMAP client to manage their email.
(Of course, one can connect to Exchange via IMAP, but we haven't implemented this, purely for reasons of time resources. Back in the day, we started out with courier IMAP, and brought in Exchange a lot later. Smoothly migrating people to the Exchange server would require a lot of individual support hours, and given that the system is fine at the moment, the bang/buck ratio doesn't pan out.)
Here's how to set up a mixed-mode IMAP/Exchange mail user from complete scratch:
- Mail Transport Agent - on your external IMAP mail server, create an IMAP box for john.doe@myorg.com
- Mail Transport Agent - create an alias for the user, something like jdo -> john.doe@myorg.com
- Exchange Server - in the EMC, create a new Mailbox under \Recipient Configuration\Mailbox for John Doe. This creates an AD object for John Doe, with Exchange Mailbox properties.
- Still on Exchange, right-click \Recipient Configuration\Mail Contact, and choose "New Mail Contact", and radio on "New Contact".
- Choose the correct Organisational Unit (if you forget this step, don't worry - you can move the Mail User in ADUC later).
- In the "First Name" field, use the IMAP alias (in this example, "jdo").
- In the "External e-mail address" field, use the IMAP alias email address (in this example, jdo@myorg.com).
- Finish creating the contact.
The existence of the mailbox will allow the user to manage scheduling with Outlook, and to view Public Folders.
However the email must be redirected to the IMAP account. Here's how:
- Using the EMC, \Recipient Configuration\Mailbox, open the properties sheet of the Mailbox.
- Choose the Mail Flow Settings tab, and open the Properties of Delivery Options.
- Tick the box "Forward To ...", then click on "Browse".
- Tip! Sort by "Recipient Type" to see the Mail Contacts, and choose your newly-created contact from there.
- Choose Ok, then Ok again to leave the Properties sheet.
Now you have a user who can be scheduled via Outlook, but who can use their preferred IMAP client to manage their email.
Subscribe to:
Posts (Atom)
Posts
