CPAU Administrator-equivalent script
Overview
Inside a Microsoft Virtual PC 2007 VM we need the NTFS permissions on a set of files relaxed. The end user running the script has no administrative rights, so we use a third-party tool (CPAU) to run the permission change under administrator credentials.
The Problem
- Software named MultiTerm requires read+write access to files in a certain folder under %programfiles%.
- The software runs inside a Virtual PC 2007 VM.
- The VM is held on an external USB drive, and the Microsoft Virtual PC software resides on a student microlab PC.
- Of core importance, the C: drive of the host student-lab PC is visible inside the VM as shared drive F:. This is what lets us distribute a solution.
The Solution
- Use the CPAU utility to encode administrator credentials, and the commands to run, into job files. The commands call modacl.exe from the SuperCACLS (scacls) package to open up the NTFS permissions.
- Pass the job files to the students in their microlab.
- Ask the students to execute a batch file which runs the CPAU jobs.
Steps:
1. In the student microlab, students have access to folder F:\NTApps\install\lan\Multiterm_patch, inside which resides one sub-folder, MTPATCH, with all the tools we need. The student runs F:\NTApps\install\lan\Multiterm_patch\user.bat, which copies the MTPATCH folder to C:\temp\mtpatch of the student lab PC.
2. Inside the VM, where the host's C: drive appears as F:, the student runs f:\temp\mtpatch\install.bat (shown further down).
Here is user.bat
@echo off
rem: Patch for MultiTerm iX Software
rem: Duncan J. Potter, SML x3400
rem: November 2008
rem:
rem: - Overview -
rem: MultiTerm software runs inside a Microsoft Virtual PC 2007 Environment.
rem: A patch is needed to unlock (NTFS-wise) a certain folder in order for MultiTerm to run.
rem:
rem: The first stage is to copy the MTPATCH folder to C:\temp\mtpatch on PC Caledonia, which this script does.
rem: The second stage is for the student, within VPC2007, to run f:\temp\mtpatch\install.bat
rem:
rem: Take Note:
rem: The VPC environment has no network drives.
rem: From within VPC drive F: refers to the shared C: drive of the PC Caledonia host.
rem:
rem: Set some paths to make the batch file tidier:
set APP_PTH=F:\NTApps\install\lan\Multiterm_patch
set KIX_PTH=F:\NTApps\install\lan\KiXstart
set HWSYS_PTH=F:\ntapps\hwsys
:CHECK_LAB
rem: The lab check is currently disabled; un-rem the three lines below to restrict the patch to LANREP1.
rem: echo Checking Microlab Identity ...
rem: echo Lab variable is %lab%.
rem: if not "%lab%"=="LANREP1" goto WRONGLAB
:FILES
rem: Robocopy switches
rem: /xx - exclude display of "extra" files (in destination, not source)
rem: /xc - exclude copying of "changed" files (same timestamp, different size)
rem: /xn - exclude copying of "newer" files
rem: /xo - exclude copying of "older" files
rem: /e /s - copy directories, including empty ones
rem: Copy files to workstation
echo.
echo 1. Creating folder c:\temp\mtpatch ...
echo.
if not exist c:\temp\mtpatch mkdir c:\temp\mtpatch > nul
echo Done.
echo.
echo Copying files to c:\temp\mtpatch ...
echo.
%HWSYS_PTH%\robocopy %APP_PTH%\MTPATCH c:\temp\mtpatch *.* /E /S /XX
echo Done.
echo.
:FINAL
echo.
echo.
echo.
echo ********************* Stage 1 is complete ********************
echo.
echo.
%KIX_PTH%\kix32 %APP_PTH%\MTPATCH\stage1_message.kix
goto END
:WRONGLAB
echo This microlab is not suitable for the installation of this software.
%HWSYS_PTH%\sleep for 2
:END
Creating the CPAU Job
A single batch file, run on the host by the administrator, creates the encoded jobs. In the following the Administrator password has, naturally, been replaced by the placeholder theadminpassword.
@echo off
echo MT Patch 1 Job
cd /d c:\vpc2007\cpau
rem: goto EXE
:CREATE
rem: On the HOST PC, drive C: is seen as shared drive F: by the VM
cpau -u administrator -p theadminpassword -lwp -ex "regedit /s f:\temp\mtpatch\scacls.reg" -enc -file scacls_reg.job
echo Creating job mtpatch1 ...
rem: The whole cpau command is one line:
cpau -u administrator -p theadminpassword -lwp -ex "f:\temp\mtpatch\modacl /v "%programfiles%\trados\MTiX\multiterm\termbase\*.*" /ar everyone:full" -enc -file mtpatch1.job
echo.
echo Creating job mtpatch2 ...
rem: The whole cpau command is one line:
cpau -u administrator -p theadminpassword -lwp -ex "f:\temp\mtpatch\modacl /v "%programfiles%\trados\MTiX\multiterm\termbase" /ar everyone:full" -enc -file mtpatch2.job
goto END
:END
echo.
echo Done.
pause
As can be seen, the modacl command (from SuperCACLS) is expected to be in folder f:\temp\mtpatch, which inside the VM is the host's c:\temp\mtpatch. Remember, the commands that CPAU calls are executed by the student but run as administrator. The commands themselves are not run at this time; encoded job files containing the commands are created.
Note that the two mtpatch jobs grant everyone:full, whereas the reminder comments in install.bat below say everyone:change. Change (Modify) is enough for MultiTerm to create and update its databases and does not let users alter the folder's permissions, so it is the grant to prefer if the jobs are regenerated.
Two further points to weigh before the jobs are handed out. A job file has to be decoded by cpau on the student's PC without any additional secret, so the administrator password inside it is recoverable by anyone who obtains the .job file; treat the job files as you would the password itself, and consider whether an account with fewer rights than Administrator can do the work. Also, the jobs run modacl.exe from f:\temp\mtpatch, i.e. the host's C:\temp, a folder the students can write to, so anyone who can replace modacl.exe there gets a program of their choosing run under those credentials. Either keep the tools somewhere non-administrators cannot modify, or confirm the ACL on that folder before distributing the jobs.
It was the job of user.bat above to make all the executables available to the student, copying from a shared network drive to c:\temp\mtpatch of the student workstation.
Finally, we need to create the batch file that the student will call to run the encoded CPAU jobs. This is named install.bat, held in the MTPATCH folder, and it makes use of the KiXtart executables also in that folder:
This is Install.bat
@echo off
rem: Patch to unlock MultiTerm database folder
rem: Folder to 'unlock' is c:\program files\trados\MTiX\multiterm\termbase
rem: Author: Duncan J Potter
rem: Date: Nov 2008
rem: Ensure the Robocopy/SCACLS registry keys are in place, else these apps
rem: show a dialogue box (use /s for silent mode).
rem: Run from inside the VM; f:\temp\mtpatch is the host's c:\temp\mtpatch.
rem: cpau.exe and the .job files are addressed relative to that folder, so move there first.
cd /d f:\temp\mtpatch
echo ---------- Patching MultiTerm iX ----------
echo.
echo 1. Registering SCACLS tool ...
rem: regedit /s f:\vpc2007\cpau\MTPATCH\scacls.reg
start /wait cpau -dec -file scacls_reg.job -lwp
sleep for 1
echo Stage 1 complete.
echo.
rem ---------- Modify File ACL Rights ----------
rem: Students need to run a CPAU job to perform these commands.
rem: They are written here as reminders only:
rem: Use SuperCACLS to make the MultiTerm folder contents writeable:
rem: modacl /v "c:\program files\trados\MTiX\multiterm\termbase\*.*" /ar everyone:change
start /wait cpau -dec -file mtpatch1.job -lwp
sleep for 1
echo Stage 2 complete.
echo.
rem: Modify the ACL on the folder itself so new databases can be created ...
rem: modacl /v "c:\program files\trados\MTiX\multiterm\termbase" /ar everyone:change
start /wait cpau -dec -file mtpatch2.job -lwp
sleep for 1
echo Stage 3 complete.
echo.
echo MultiTerm Patch has been installed.
f:\temp\mtpatch\wkix32.exe f:\temp\mtpatch\patch_installed.kix
Virtual PC 2007 - Datastream
Overview
Datastream Advance v4.0 SP6 is required by students in the School. The software is not currently installed on the general PC Caledonia system and, being deemed too complex to script an installation, it was decided to try deploying a pre-configured virtual machine instead.
Virtual PC 2007
Using the Technology & Translation MSc VM as a basis (Windows 2000), all non-relevant software was removed and Datastream Advance (abbrev: DS) installed. The DS software connects to a remote service, and the IP number in use must be registered in order to pass the remote DS firewall. Registration information is held locally (by me).
The host PC used for VPC2007 temporarily used a pre-registered IP number to gain access to the DS service. NAT was used within VPC2007 to share this IP with the guest VM.
It was found that:
- Non-admin users require read+write NTFS permissions to the local DS folder, which creates databases as it works.
- Installing as an admin user did not permit a non-admin to 'Connect' to the Datastream server. One had to elevate the student user account (msc) to administrator, perform the installation, then demote the user for a connection to work. Connection here refers to 'Tools...Connect', which 'logs in' to the remote Datastream service.
Finally
- The Group Policy editor was used to create secure Registry.pol objects to make the VPC as secure as possible. On the host PC a script named C:\VPC2007\GPO\system.bat controls copying of the secure and clean GPO Registry.pol files to lock and unlock the VPC during configuration time. Make sure to run this to secure the VPC before deploying.
- In VPC 2007, use the wizard to create a new virtual disk named 'undo'. Associate it (the wizard explains how) with the main disk and specify that it is a 'differencing disk'. Enable undo disks in the settings for the VPC. Lastly, under the Close settings, tick 'Automatically close without a message' and 'Turn off and delete changes'. This ensures that anything a student does to the VPC will not be remembered.
7-Zip Backup Script
Overview
The Computer Assisted Translation MSc runs using Microsoft Virtual PC 2007 software.
The host computers are all PC Caledonia student microlab machines, and the VPC machines are configured to share drive C: of the host as drive F: of the guest.
- Folder C:\temp of the host, i.e. F:\temp of the VPC guest, is writeable.
- Students also have a networked home drive, H:, on the host PC.
We seek a mechanism to back up files in three key folders of the VPC guest to the shared folder, from where the backup may be copied to the student's home folder, a USB stick, etc.
7-Zip
The 7-Zip freeware package is installed inside each VPC and has a command line option available.
The three folders of interest to backup are
- c:/documents and settings/SML Student/My Documents
- c:/documents and settings/SML Student/Desktop
- c:/program files/Trados/MTiX/Termbase
The following backup script was written for this purpose. The archive is first written to C:\temp of the VPC guest and then copied to shared folder F:\temp\backup under a name made from the date and time of the backup, e.g. 31-10-08-15-32.7z.
The Backup Script
@echo off
rem: Purpose: 7-zip backup script
rem: Uses 7-zip to back up 'My Documents' (plus Desktop and the Termbase folder) of the VPC guest
rem: on the Transcend USB drive to the shared folder F:\temp of the host PC (PC Caledonia)
rem: which, on that host, is actually C:\temp.
rem: Assumes user has logged in as 'msc' and profile is 'c:/documents and settings/SML Student/'
rem:
rem: Author: Dr Duncan J Potter
rem: Date: Oct 31st 2008
cls
echo —— My Documents Backup Script ——-
echo.
echo.
:CHECK
echo 1a. Checking if you have the 7Zip software installed …
if not exist "%programfiles%\7-zip\7z.exe" echo Problem - Zip software 7z.exe was not found
if not exist "%programfiles%\7-zip\7z.exe" pause
if not exist "%programfiles%\7-zip\7z.exe" exit
echo Passed.
echo.
:MKDIR
echo 2. Creating backup folder on shared host folder C:\temp
rem: SRC http://talk.bmc.com/blogs/blog-gentle/anne-gentle/dos-timestamp-tips
rem: Assumes the UK short date format "Fri 31/10/2008", so the stamp is actually
rem: dd-mm-yy-hh-mm (the variable name is historical). Adjust the offsets if the
rem: regional date format differs, else the file names will be mis-ordered.
set hh=%time:~0,2%
if "%time:~0,1%"==" " set hh=0%hh:~1,1%
set yymmdd_hhmm=%date:~4,2%-%date:~7,2%-%date:~12,2%-%hh%-%time:~3,2%
echo Done.
echo.
:GENEXCLUDE
echo 3. Generating list of file types to exclude from backup …
rem: Generate a file listing types to exclude from the backup
echo *.avi > %temp%\exclude.txt
echo *.mpg >> %temp%\exclude.txt
echo *.mp3 >> %temp%\exclude.txt
echo *.exe >> %temp%\exclude.txt
echo *.dll >> %temp%\exclude.txt
echo *.tmp >> %temp%\exclude.txt
echo *.lnk >> %temp%\exclude.txt
echo Done.
echo.
echo 4a. Starting 7-zip backup …
cd /d "%programfiles%\7-zip"
rem: -r recurse, -x@file exclude the patterns listed in exclude.txt
7z a -r -x@%temp%\exclude.txt c:/temp/mydocs.7z "c:/documents and settings/SML Student/My Documents" "c:/documents and settings/SML Student/Desktop" "c:/program files/Trados/MTiX/Termbase"
echo 7-zip backup of My Documents complete.
echo.
:MKBACKUP
rem: Make Backup folder
if not exist f:\temp echo Problem - folder f:\temp does not exist
if not exist f:\temp pause
if not exist f:\temp exit
if not exist f:\temp\backup mkdir f:\temp\backup
echo 5. Copying your Zip archive to F:\temp\backup folder …
copy /y c:\temp\mydocs.7z F:\temp\backup\%yymmdd_hhmm%.7z
echo Done.
echo.
:TIDY
echo 6. Removing temporary files …
if exist c:\temp\mydocs.7z del /f c:\temp\mydocs.7z > nul
if exist c:\temp\mydocs.7z.tmp del /f c:\temp\mydocs.7z.tmp > nul
echo Done.
echo.
cd /d F:\temp
echo.
echo.
echo.
echo.
echo ——————— Backup Complete ——————
echo a) A compressed copy of your 'My Documents' folder has been created.
echo.
echo b) Backups file names are based on the date and time of the backup.
echo Your backup is named F:\temp\backup\%yymmdd_hhmm%.7z
echo.
echo c) On your host PC Caledonia machine, this file is located inside
echo folder C:\temp\backup.
echo Please copy this to your PC Caledonia H:\ drive or a USB stick.
echo.
echo *Remember any audio and video files that you may have are
echo excluded from this backup.
echo.
echo ————————————————————–
echo.
echo.
pause
Cloning ILA Teacher PC with GParted
Overview
ILA Teacher PC is a Dell OptiPlex with a single IDE drive and a DVD-ROM/CD-RW device.
Issue
The PC may develop problems and need restoring from a disk backup. Use GParted (GNOME Partition Editor) to copy the backup partition back.
Cloning Steps
- With the PC on, place the GParted 3.4.5 boot CD in the Dell's drive.
- Connect a USB drive caddy containing an IDE disk to the Dell, but do not power it on yet.
- Reboot the Dell PC.
- At BIOS time, press F12 for the boot menu. Select option 5, IDE CD device.
IMPORTANT: The CD drive is twitchy. If GParted does not appear to be loading after 4-5 seconds, reboot the PC with CTRL+ALT+DEL and try again; repeat until GParted loads. Version 3.7.7 of GParted, burned on the LightScribe CDs, almost never loads, but v3.4.5 is quite successful.
- As soon as GParted loads, switch on the power to the USB IDE caddy.
- GParted has trouble with the dual-display graphics adapter and requires a slight manual tweak. When prompted, enter the command Forcevideo, then enter vesa as the driver type and 1024x768 as the video resolution.
- The Dell hard disk is shown as /dev/hda; the external USB disk is shown as /dev/sda.
The Dell hard disk has three partitions:
- a tiny FAT partition, purpose unknown
- a 14 GB NTFS partition: this is drive C: and is flagged as boot
- a 10 GB NTFS partition: this is drive D: and holds only D:\temp
To restore the C: drive, first delete the 14 GB C: partition on /dev/hda (and Apply), then copy the same partition from /dev/sda1 (it is the only 14 GB one on that disk) and paste it into the freed space (and Apply).
Lastly, once copying has finished, right-click the newly copied C: partition and choose "Manage Flags". Ensure the checkbox next to BOOT is ticked, as this is the boot partition; without it the Dell will not boot from the restored disk.
Fedora 8 and iSCSI
Overview
The requirement is to connect an EMC Celerra NAS device, via iSCSI, to a Fedora 8 (and later, perhaps, 9) Linux system.
Relevant Information
Most information is still in paper form.
iscsi-initiator-utils is the name of the software package used here, version 6.2.0.865, and the online repository for this package is http://fr.rpmfind.net/linux/rpm2html/search.php?query=iscsi-initiator-utils .
Routing with multiple NICs: in the test environment one NIC uses the 80 (public) subnet and the other a private subnet, with no problem. In the live environment we may want two NICs, one of them dedicated to iSCSI. How do we ensure each NIC doesn't forward/route to the other? Answer. Background on the commands used in the answer: "Guide to IP Layer Network Administration with Linux".
Best Site
This site - RedHat Tips and Tricks - provides the best overview of iSCSI on Fedora systems (actually RedHat but it matches closely with my own Fedora 8 experience).
Also this information (from that source) is worth knowing:
# install the iscsi utils
yum -y install iscsi-initiator-utils
# change initiator name for a new install of the iscsi package
# (the file is /etc/iscsi/initiatorname.iscsi)
vi /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.1991-05.com.microsoft:
# find targets available to the machine (-p takes the portal address; values not shown here)
/sbin/iscsiadm -m discovery -t sendtargets -p
# connect and login to target (-T takes the target name)
/sbin/iscsiadm -m node -T :-1 -p -l
# persist the connection for startup
/sbin/iscsiadm -m node -T :-1 -p --op update -n node.conn[0].startup -v automatic
# MOST IMPORTANTLY: the fstab entry must carry _netdev, so the mount is attempted
# only after the network and the iscsi service are up rather than early in boot
vi /etc/fstab
# device   mount point   FS     Options           Backup   fsck
/dev/sda   /data2        ext3   _netdev,noatime   0        0
# logout of connection
/sbin/iscsiadm -m node -T :-1 -p -u
Dedicated NICS for iSCSI
Best practice is to use a dedicated NIC for iSCSI on a private LAN. In the current case, though, the SAN device resides on a public network within the University. Still wishing to use a dedicated NIC for iSCSI traffic, how do we go about it?
After looking at all sorts of routing issues, one site suggests simply using iptables to block port 3260, which carries iSCSI, on the NIC that should not see such traffic. Note that a DROP rule only stops iSCSI leaving by the wrong interface; which interface the kernel actually picks is still decided by the routing table, so a route to the target via the dedicated NIC is needed as well, with the firewall rule as a backstop.
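The following is an added example, not code from these notes or from the sites they cite, of how that iptables idea combines with routing. Interface names (eth1 dedicated to iSCSI, eth0 public) and the portal address (192.0.2.10, a documentation address) are assumptions; the real Celerra portal and NIC names go in their place. It adds a host route for the target via the dedicated NIC, drops TCP 3260 on the public NIC as a backstop, and then checks the kernel's own routing decision with ip route get.

```shell
#!/bin/sh
# Added example (not from the original notes): pin iSCSI initiator traffic
# to one NIC. All names below are assumptions, overridable by environment:
#   ISCSI_IF  - NIC dedicated to iSCSI            (assumed eth1)
#   PUBLIC_IF - NIC that must carry no iSCSI      (assumed eth0)
#   TARGET_IP - the iSCSI portal address          (assumed 192.0.2.10)
# Usage:  sh iscsi_nic.sh plan    (print the commands that would run)
#         sh iscsi_nic.sh apply   (run them, as root)

# Run a command, or just print it when DRY_RUN=1 so the plan can be reviewed.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# The routing table, not the firewall, decides which NIC the initiator uses.
# A host route forces the target's traffic out of the dedicated NIC.
iscsi_route() {
    local target_ip=$1 iscsi_if=$2
    run ip route replace "${target_ip}/32" dev "$iscsi_if"
}

# Backstop: refuse iSCSI (TCP 3260) on the public NIC in both directions.
# The initiator connects *to* 3260, so outbound dport / inbound sport are the
# packets to stop. The dedicated NIC also drops unsolicited inbound 3260,
# since an initiator never listens on that port.
iscsi_nic_rules() {
    local iscsi_if=$1 public_if=$2
    run iptables -A OUTPUT -o "$public_if" -p tcp --dport 3260 -j DROP
    run iptables -A INPUT -i "$public_if" -p tcp --sport 3260 -j DROP
    run iptables -A INPUT -i "$iscsi_if" -p tcp --dport 3260 -j DROP
}

# Check the kernel's decision: given the output of `ip route get <target>`,
# succeed only if the device it chose is the expected one.
route_uses_iface() {
    local route_output=$1 expected_if=$2 dev
    dev=$(printf '%s\n' "$route_output" | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1)
    [ -n "$dev" ] && [ "$dev" = "$expected_if" ]
}

main() {
    local target_ip=${TARGET_IP:-192.0.2.10}
    local iscsi_if=${ISCSI_IF:-eth1}
    local public_if=${PUBLIC_IF:-eth0}
    iscsi_route "$target_ip" "$iscsi_if"
    iscsi_nic_rules "$iscsi_if" "$public_if"
    if [ "${DRY_RUN:-0}" != "1" ]; then
        # Verify before logging in to the target that the route really took.
        route_uses_iface "$(ip route get "$target_ip")" "$iscsi_if" ||
            { echo "WARNING: $target_ip is not routed via $iscsi_if" >&2; return 1; }
    fi
}

case "${1:-}" in
    plan)  DRY_RUN=1; main ;;
    apply) main ;;
esac
```

Run it with plan first and read the printed commands; the rules are appended (-A), so on a host that already has a firewall policy they should be placed, or saved into the distribution's iptables configuration, where they survive a reboot along with the route.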