3 ways to grant “Local Admin” permissions to Domain Users.

August 16th, 2015 by Andrea Matesi


There are three ways (that I know of..), to grant “Local Machine” Administrator credentials to a Windows Domain User:

  1. lusr-method (!).
  2. “Restricted Groups” / Secure Restricted Groups (convenient for that funny bunch).
  3. “Secure Local Administrators” (a-la Alan’s way).



to grant “Local Machine” Administrator permissions to a Windows Domain User through lusrmgr.msc:

  1. Remotely login to the User’s Workstation as a “Domain Admin” (or physically sit in front of the User’s Windows PC).
  2. Win+R –> “lusrmgr.msc”.
  3. From the Local Users and Groups Snap-in, Browse to Groups, Double Click on the “Administrators”-Group, locate your Domain User Account & grant him/her membership to the “Administrators”-Group.
  4. Repeat 1..3 for each desired Windows Computer.


Restricted Groups.

lusrmgr.msc may work for your “home” domain or lab.

For that funny bunch of your colleagues, you may wish to use a more convenient way to perform the task of granting them “Local Machine” Administrator permissions.

The Restricted Groups-feature provides you more automation than the “lusrmgr.msc“-method (especially in regards to Step 4).

The Restricted Groups does just that -- it “restricts” local groups membership to the (domain) Groups of your choice.

There are 2 ways to use Restricted Groups.

  • The first way simply adds New Users along the pre-existing Local Administrators Users (within the (Local) “Administrators”-Group).
  • The second way resets (ie. deletes/wipes) ALL the pre-existing Local Administrators Users off the (Local) “Administrators”-Group.


Restricted Groups / Secure Restricted Groups requirements.

  • Active Directory Domain (SBS or Windows Server 2000+ based).
  • Your “Domain User(s)” have to be members of a “Domain Group” (alas not so common on some SBS environments…).
    On my example, I will assume your Domain User Jack Daniels is a member of  the Group “G_HeadOfficeWorkstationAdmins”.
  • Since the Restricted Groups feature is provided by Group Policy, you should also have an OU with some Computers (unless you want to edit the “Default Domain Policy”, which, of course you “can do”!).


Restricted Groups on your workstations -- in 10 easy steps.

Today I will show you Restricted Groups because it is automated, non-destructive and less confusing to implement.

On my next article, I’ll show you how to implement Secure Restricted Groups (which is pretty similar BTW).

  • With Restricted Groups you will automatically add New Users to the (Local) “Administrators”-Group of each Windows PC member of your Domain.

That way, pre-existing Users (ie. already Members of the (Local) Administrators Group), won’t be affected at all (which, depending on how you see it, it may represent an advantage OR a disadvantage).

  1. Browse to Administrative Tools -> Group Policy Management –> Locate your Computers OU (ie. “HeadOffice Workstations”) -> R-Click on your Computers OU & “Create GPO & Link it here” (name it, say, “HeadOffice Workstations Local Admins”).
  2. On the Group Policy Management Editor, Expand:
    Computer Configuration
    + “Policies”
    + “Windows Settings”
    + “Security Settings
    + “Restricted Groups”.
  3. On the Right pane of “Restricted Groups”, Right click and Select “Add Group…”.
  4. To provide Local Admin Permissions to a Pre-existing Group (ie. say “G_HeadOfficeWorkstationAdmins”), Click on the “Browse…”-Button, locate G_HeadOfficeWorkstationAdmins (the group you wish to attach Local Admin Creds to) and Click Ok to confirm.
  5. A new “Group Name Properties”-window will popup.
    On the new properties window skip/ignore the first text box area (ie. the one that says “Members of this group”…).
  6. Focus your attention to the second text box area, where it says “This group is a member of:“(on the lower half).

    From http://support.microsoft.com/kb/279301 :”The “Member Of” list specifies which other groups the restricted group should belong to“.


  7. Click on the “Add”-Button and Type (or copy-paste) “BuiltIn\Administrators” in the Group Membership dialog then Click OK to Confirm.
  8. [Optional] Click again on the “Add…”-Button & type “BuilIn\Remote Desktop Users” & Click OK.
  9. Run an admin cmd & “gpupdate /force”.
  10. REBOOT the Target Computer(s) belonging to the (GPO-linked) OU.

Step No.7 is where you will actually grant Local Admin permissions to the members of the Restricted Group.

Step No. 8 is optional because Local Administrators already have Remote Desktop Access Permissions by default, (but if you must!).

Restricted Groups is “just OK” for small domains of (7 -- 75) SMB Workstations, but it isn’t really that flexible because it relies only on Groups and OUs.


Secure Local Administrators (a-la Alan’s-way).

If you want a preview of “how deep the rabbit hole goes”, then head to Alan’s grouppolicy.biz blog and read (…or should I say “decrypt“?), his sensational article: http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/


On my follow-up article, I will show you how to implement Secure Restricted Groups.



Posted in Microsoft, System Administration | No Comments »

4 useful lsof commands explained

July 12th, 2015 by Andrea Matesi

This short post introduces you 4 useful lsof commands by examples.

Due to their usefulness, I’d like to “remember to use” those commands more often.


lsof -u “username”.

Example running lsof -u root

lsof-u root

The command above will show you all “root’s user” open files.


lsof -a -p “PID”.

lsof -a -p 1

lsof -a -p 1

-a is a simple AND operator. Used this way is the equivalent of “lsof -p 1“.

-p 1 limits the output to PID 1 (usually that is the kernel…). You get PIDs by running the ps command.

When you specify more than 1 lsof -X -Y command switches (ie. “lsof -p 1 -u johndoe“), by default lsof will perform an OR operation (ie. EITHERPID = 1ORUser = johndoe“).

IF you type, say, “lsof -p 1 -a -u johndoe“, lsof will filter your output by “PID = 1ANDUser = johndoe“.


lsof “/var/log/filename.log”.

lsof /var/log/messages

lsof /var/log/messages

lsof with a file parameter will show you who & what daemon is using the file (ie. the “messages“-log file).

On the above screenshot, /var/log/messages is opened by root thru rsyslogd (which has a PID of 1078).


lsof -i :TCP|UDP-PortRange.

[root@host:~]#-> lsof -i :1-100
sshd     1216 root    3u  IPv4  11823      0t0  TCP *:ssh (LISTEN)
sshd     1216 root    4u  IPv6  11827      0t0  TCP *:ssh (LISTEN)
sendmail 1240 root    4u  IPv4  11922      0t0  TCP localhost:smtp (LISTEN)
sshd     1446 root    3r  IPv4  22798      0t0  TCP> (ESTABLISHED)

lsof -i :1-100

The above command (with a space-char after “-i“), queries your system about “what services are running on the first 100 ports”?

If you want to know only what TCP ports are in use, then type:

lsof -i tcp

That’ll show you all the open TCP ports.

My short examples are only the tip of the iceberg of what lsof can do.

lsof is extremely useful and has an extensive (and sometimes arcane) list of options and switches -- check for yourself at the lsof man page: http://linux.die.net/man/8/lsof

Posted in LINUX, System Administration | No Comments »

2 correct ways to install RDS apps (formerly TS) on your RDS HOST.

June 13th, 2015 by Andrea Matesi


2 Options.

  • When you need to provision a new Windows program to by multiple Users (ie. that remotely login to the same TS/RDS Host), you have 2 options.

Setup.EXE VS Setup.MSI

  1. If your app comes packaged with a 3rd party installer (generally “Setup.EXE“), you’ll need to manually place your TS/RDS Host into “Install Mode”.
  2. If your app is offered with a “Setup.MSI“-file, the System will go automatically into Install Mode after you double-click on it & switch back when finished (ie. no need to manually switch to “Install Mode”).

So, if you have an msi, just go ahead and install it -- it’ll automatically be available to your Users (‘though check your RDS Host settings/make sure the app is published).


How to properly deploy “Setup.EXE” Applications.

To correctly deploy an application packaged with a third party installer (ie. Notepad++) & in order to make it available to all your Users, on your Terminal Server or Remote Desktop Services Host(s) :

  • Run cmd as admin then switch to “install mode” with the following command:

change user /install

  • Now install your desired application by, say, running “Setup.exe” (follow the installer prompts as usual).

Once the installer has finished, return to (default) “Execute Mode”.

change user /execute

Install mode allows you to correctly deploy apps to your Users.


Under which mode am I?!

To know under which mode you currently are, run (On an Admin CMD):

change user /query

As per MS recommendation, don’t leave your system in “Install Mode” (see http://support.microsoft.com/kb/186515).



By quoting http://blogs.technet.com/b/perfguru/archive/2008/06/30/how-to-install-application-windows-2008-terminal-server.aspx

“When an application is installed in Install mode, HKEY_CURRENT_USER information is primarily written to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install

This information is then circulated to HKEY_CURRENT_USER for each user when they log on to the Terminal Server.”

Posted in Microsoft, System Administration | No Comments »

Fast-enable vncserver on CentOS.

January 3rd, 2015 by Andrea Matesi

…Assuming it is already installed (if not then “yum install vnc”).

Launch the server by typing the following on a terminal:

vncserver :1

Then edit ~/.vnc/xstartup as follows:

# Uncomment the following two lines for the normal desktop:
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80×24+10+10 -ls -title “$VNCDESKTOP Desktop” &
gnome-session &

And done!

Posted in LINUX, System Administration | No Comments »

HOW-TO Setup a Windows RESET Image.

December 28th, 2014 by Andrea Matesi



As promised, today I will continue blogging on how to Setup a Windows RESET Image to Restore your System to a previously working state.

This post builds on my previous ones (reported here for convenience):

1. Best Windows UEFI/GPT partitioning scheme

2. HOW-TO Setup a Windows REFRESH Image.

Please note – the RESET procedure will WIPE all your User Profile Data (including your Desktop, Documents, Pictures, Music, Videos, Etc.).

Basically you will lose everything and your computer will return to a previous (virgin, empty, nil) state.

To put it in military speech --

  • REFRESH is like tactical bombing (with some collateral damage).
  • RESET is like nuking(!).

The main advantage of RESET is that you won’t have to rely on a lost or missing Windows DVD or USB KEY to Restore your computer to a working state.

Use RESET only as a last resort and try other options first – That is especially true since it is your data I am talking about.


How-to Setup a RESET Image.

That said, I’ll show you how to setup a RESET Image for your computer first.


  • The process starts by taking a copy of the original install.wim Image From your Windows Install Media (ie. DVD, USB KEY) To a folder within your Recovery partition.

In this example I’ll assume that:

  1. Your Recovery Partition is D:\
  2. Your Recovery Folder is D:\Recovery
  3. Your original “install.wim” Image from your Windows Media is usually located into the “sources”-folder.

Once your RESET Image is in place, open an Admin CMD Prompt and type the following commands:

reagentc /setosimage /path D:\Recovery\install.wim /index 1
cacls D:\Recovery /E /R Users
icacls D:\Recovery /inheritance:d

With the “reagentc”-command, you will specify the path to your RESET Image. The “/index 1”-option selects the first Windows Image within your “install.wim“-Image (Windows 8.1 Pro in my example).

You can find the correct image index with “dism /get-wiminfo /wimfile:D:\Recovery\install.wim”.

Also, to prevent damage to your RESET image, use the cacls and icacls commands to remove normal Users’ permissions and to disable inheritance.


Now you see me, now you’re dead!

I highly suggest you to test your RESET image.

Proceed as follows:

  1. Install a new application (say 7-zip).
  2. START –> POWER-Button –> RESTART while keeping the SHIFT-KEY pressed.
  3. Boot to WinRE.
  4. Select “Troubleshoot your Computer”.
  5. Select “RESET” to Reset your PC.

After your computer has been reset, your computer will enter the OOBE process.

You will also notice that 7-Zip is missing from the list of installed Programs and all your User Data is gone!


1-Star Movie Reviews: Dr. Strangelove



BONUS – Hide the Recovery Partition.

If you’ve made it that far, I guess then it’s time to hide your Recovery partition from malicious eyes.

That is to prevent you (or s/else) to accidentally write data (& fill-up) your Recovery Partition.

In this case, a few DISKPART commands will do the trick, so open a CMD as Admin and type:

select disk 0
list volume
select volume 1 <- select your “Recovery”-Volume.
remove <- remove the letter assignment (ie. D-Letter).
list partition
select partition 4 <- select your “Recovery”-Partition
set id=de94bba4-06d1-4d40-a16a-bfd50179d6ac override <- Hide the partition.


Posted in Microsoft, System Administration | No Comments »

HOW TO Setup a Windows REFRESH Image.

November 16th, 2014 by Andrea Matesi



To continue with your discovery into hidden but-not-so hidden Windows secrets, the next step after configuring your Best Windows UEFI/GPT partitioning scheme is to setup a Windows REFRESH Image.

If you are a Windows Laptop or Tablet user, it is likely that your (reputable?!) vendor has already done the hard work for you.

Although if you choose to perform a clean-upgrade to a later version of Windows or you have a blank computer to start with, please be aware that Windows Setup (by default) does not configure for you a (handy!) REFRESH and/or RESET image.

That is (guess what?) so I can write these post!

If you wonder what a REFRESH or RESET image is, let me briefly introduce you these…

A REFRESH Image is a sort of a snapshot of your system-state without any of your 3rd party programs installed, while a RESET Image wipes your whole Windows system to its current defaults.

The only remarkable difference is that:

1. If you REFRESH, you won’t lose your USER PROFILE DATA (your Desktop, Docs, Pics, etc.).

2. IF you RESET, you will lose ALL your USER PROFILE DATA (your Desktop, Docs, Pics, etc.).

Now, if your feel you require further info about those features, search with your fav. search engine then get back!


Let’s get to work.

As said at the beginning, consider this post as the continuation of Best Windows UEFI/GPT partitioning scheme, so I will assume that you’ve installed Windows by following my Best Windows UEFI/GPT partitioning scheme post <LINK>.

Once on Windows, you will notice there is a ~16GB empty partition labeled “Recovery”.

This partition is intended to host both your REFRESH and RECOVERY Images (although for practical reasons I’ll be blogging about the RESET Image on a future post).


How to Deploy a REFRESH Image to your Recovery Partition.

To Deploy a REFRESH Image to your Recovery Partition, you will rely on “recimg”.

recimg” is a neat command-line utility that allows you to setup and register a REFRESH Image.

Before using recimg (to create a Custom REFRESH Image), please locate the Drive letter that has been assigned to your “Recovery”-Partition (in my example I will assume that is “D:\”).

You can find your Recovery Partition through Explorer, Disk Management or DISKPART (up to you).

Then, on your freshly setup Windows 8.1, open an Admin CMD and type:

recimg /createimage D:\


Brace for a long wait, since the above command will create your Custom REFRESH Image based on your (currently running) Windows.

TIP: Install all your fav apps before creating your REFRESH Image Winking smile

  • Once the REFRESH image creation is complete, recimg will also register the image within your WinRE.

After beer, coffee (or whatever you fancy!), test that your REFRESH Image is working.


Tactical Bombing.

For example (After the REFRESH Image process is complete):

  1. Install a new application (say 7-zip).
  2. START –> POWER-Button –> RESTART while keeping the SHIFT-KEY pressed.
  3. Boot to WinRE.
  4. Select “Troubleshoot your Computer”.
  5. Select “REFRESH” to Refresh your PC.

After your computer has been refreshed, you will notice that 7-Zip is missing from the list of installed Programs (but no User Data has been harmed in the process)!

I guess that’s about it. Thanks for reading and please share my blog!

On my next article, I will show you how to Setup a Windows RESET Image.

Posted in Microsoft, System Administration | No Comments »

Best Windows 8.1 UEFI/GPT partitioning scheme.

October 18th, 2014 by Andrea Matesi



In this post, I will assume that you wish to deploy Windows 8.1 (or newer) to your UEFI computer on a blank GPT Hard Disk in the best possible manner.

“Best” is a highly subjective topic of which you can write bibles and treaties about.

My vision of “best” mainly (not always!) revolves around “most scalable”, “most efficient” and “sustainable”.

But why write a post on how to best partition your GPT hdd when Microsoft has already published a “Recommended” GPT partitioning scheme (at http://technet.microsoft.com/en-us/library/dd744271(v=ws.10).aspx & http://technet.microsoft.com/en-us/library/hh824839.aspx)?


Always deploy WinRE to its own partition.

For one, when you simply run the default Windows setup (ie. the installer) and point it to a blank Disk, Windows setup (loosely) deploys your copy of WinRE (“winre.wim”) to C:\Windows\system32\Recovery

‘Though the above technet articles recommend you to deploy WinRE to its own partition (to which I fully agree).

So, in other words:

  • Always deploy WinRE to its own partition.

Winre in its own partition (IMHO) is of advantage when you wanted to perform an offline “chkdsk /f /r”  (without relying on the Windows Setup media), since the “chkdsk”-command would then be able to obtain exclusive access to the (usually b0rked..) Disk.

When you install Windows 8.1 by following my partitioning scheme, WinRE willl be automatically deployed to its own partition.


“Recovery Image”-Partition before Windows & Use the whole Disk.

Since the MS-recommended partitioning scheme has already been introduced, I will assume you are now familiar with it and you’d like to stick to it.

Partitions: WinRE, ESP, MSR, Windows, Recovery

If that is the case, then it’s all good -- have fun!

In case you wanted to know my opinion, read on.

My objection to the MS-recommended partitioning scheme is its inflexibility:

  • On the linked technet articles, Microsoft recommends you to create a fixed ~75GB “Windows”-Partition, followed by a “Recovery Image”-partition -- but I get that, these are “bare minimum” recommendations.
  • Secondly, they moved the “WinRE tools”-partition to the beginning of the Disk (while instead on another popular FAQ they advise you (as a MUST!) to always deploy the EFI System partition to the beginning of the disk(!).

“Popular FAQ”? –> Here: http://support.microsoft.com/kb/302873 <-Did Microsoft techies change their mind or what?

Also, MS recommends for the “Recovery Image”-partition to be the lastjust in case you wanted to claim back its space” or “to move the Recovery Image to a USB Key“.

Having options is a good thing (that’s also a reason why I like Windows), ‘though:

  • Why bother making a “Recovery Image”-partition in the first place if you wanted to claim its space back?!
  • Why “waste” an USB Key only for a Recovery Image?!

…”de gustibus” (“thanks but no thanks”)!


(inflexible) 512GBs SSD EXAMPLE.

To better introduce you my UEFI/GPT Partitioning scheme, I will use an example:

  1. Let’s assume you have a blank/unformatted 512GB SSD (usually 476GB available).
  2. Let’s assume you followed the technet “Recommended” GPT partitioning scheme.


By following the “Recommended” GPT partitioning scheme, you’d end-up with a disk with the following partitions:

  1. 300MB WinRE Partition.
  2. 100MB EFI Partition.
  3. 128MB MSR Partition.
  4. 75GB Windows Partition.
  5. 15GB Recovery Image Partition.

For a total of ~91GB.

Unless you wanted to dedicate 385GB to overprovisioning, the remaining disk space would be wasted (here my point is that they could at least explain you “how to do the maths” -- Re overprovisioning, some SSD manufacturers are already increasing the overprovisioned space).

Then there’s that 300MB WinRE Partition at the beginning which looks quite limited (IMHO).

And at last you have the 15GB Recovery Image Partition (which I wouldn’t bother to setup at the end of the hdd if I wanted to get rid of it at some point).


(improved) 512GBs SSD EXAMPLE.

Enter my recommended UEFI/GPT 512GB SSD partitioning scheme:

  1. 520MB EFI Partition.
  2. 2054MB WinRE Partition.
  3. 128MB MSR Partition.
  4. 16390MB Recovery Image Partition.
  5. <THE REST> Windows Partition.

For a total of 476GB.

This way, you’ll end-up:

  • Using the whole disk space (ie. no need to specify a fixed size and/or learn the math).
  • Deploy an EFI System Partition to the beginning of the Disk.
  • Setup a Recovery Image Partition before the Windows Partition.


I’ve been more generous with the space allocation to:

  1. Prevent potential VSS, Backup & 4-k sector drives issues (search on technet for details).
  2. Allow Custom WinRE images (potential subject for a future post).
  3. You’ll never know what you might end placing into each of these partitions in the future (ie. shrink the Windows Partition to install Linux).
  4. Plenty of space for both a Refresh and a Recovery Image (within the same partiti0n No.4).
  5. Lots of space for Windows (and potentially other OSs).
  6. Space for Bitlocker.



Here’s an example that would create my recommended Disk partitioning scheme with DISKPART.

Please note – the below example will work with EVERY DISK you throw at it (ie. INDEPENDENTLY of its size). In other words, you can use the below commands to install Windows to a smaller (ie. 256GBs) or bigger (ie. 1TB) without having to do the maths.

select disk 0
convert gpt
create partition efi size=520
format fs=fat32 quick label=System
create partition primary size=2054 ID=de94bba4-06d1-4d40-a16a-bfd50179d6ac align=1024
format fs=NTFS label=WinRE quick
create partition msr size=128
create partition primary size=16390 align=1024
format fs=NTFS label=Recovery quick
assign letter=R
create partition primary align=1024
format fs=NTFS quick label=C
assign letter=c

You can reuse the above during the Windows Setup – just press “SHIFT” + “F10” to launch a command prompt and then run DISKPART to customise to your pleasure.

If you wanted to use 8k sectors, you could’ve added the “unit=8k” to the “format fs=NTFS[..]”-command, ‘though that would prevent you from using the native ntfs compression.

I guess next I will have to show you “How to put to good use that ~16GB Recovery Partition”.

If you wish to know more re what all those partitions are, read this excellent technet article: http://technet.microsoft.com/en-us/library/hh824839.aspx

Please share, follow me on twitter and support my blog to keep the articles coming!

Posted in Microsoft, System Administration | No Comments »

4 most useful vmrun commands.

August 23rd, 2014 by Andrea Matesi

Did you pay the vTax?!

If you “vmware“, then vmrun should be your screwdriver.

If you only “Hyper-V” then know that vmrun is like “Set-VM“-equivalent (in Powershell-speech).

Among other things, vmrun allows you to boot & reboot your VMs by skipping the screamingly fast (!) WEB-UI.

vmrun relies on webservices to send commands to the host but is invoked from the CLI.

For it to work, you need a client (say a linux distro of your liking), and a vSphere server with a couple of VMs.

In my examples below, I’ll be referring to vSphere 4.1 Server ( managed from an Ubuntu box.


vmrun requirements.

To use vmrun, you’ll need the VIX Standalone API Libraries.

You can Download the VIX Standalone API Libraries from the vmware website (‘though you’ll have to register first).

Register with vmware (it’s free), then download and install the VIX standalone API libraries.

  • Follow the enclosed instructions on how to install the VIX API libs to your system.

I downloaded and installed the VIX Standalone API Libraries on my occasional Ubuntu client of choice.


vmrun -h https://vSphere-IPAddr:8333/sdk -u root -p pwd list.

This command will provide you a list of available VMs.

It relies on the list parameter.

Once you installed VIX, from your Linux client type:

[root@localhost ubudevsrv1]# vmrun -h -u root -p p@ssw0rd list


Total running VMs: 7
[standard] ubuntu_server_1/Ubuntu.vmx
[standard] ubuntu_server_2/Ubuntu.vmx
[standard] centos_server_1/centos-5.3-i386-server.vmx
[standard] ubuntu_server_3/Ubuntu 9.04 Server.vmx
[standard] ubuntu_server_4/Ubuntu.vmx
[standard] centos_server_2/Centos-5.5.vmx
[standard] centos_server_3/CentOS-5.2.vmx

You can interact with those VMs remotely.


vmrun -h https://vSphere-IPAddr:8333/sdk -u root -p pwd stop “[type] vm-name.vmx”.

This second command will show you how to shutdown a VM.


[root@localhost ubudevsrv1]# vmrun -h -u root -p p@ssw0rd stop “[standard] centos_server_1/centos-5.3-i386-server.vmx”

The above will gracefully Shutdown (provided your VM does have the “VMWARE Tools” installed), the VM named “[standard] centos_server_1/centos-5.3-i386-server.vmx”.

For the above command to work, please note you’ll have to refer to the VM by enclosing any spaces and brackets within double quotes (“…”).


vmrun -h https://vSphere-IPAddr:8333/sdk -u root -p pwd start “[type] vm-name.vmx”.

This command will simply Boot your VM of choice.


[root@localhost ubudevsrv1]# vmrun -h -u root -p p@ssw0rd start “[standard] ubuntu_server_1/Ubuntu.vmx”

Will Boot the VM named [standard] ubuntu_server_1/Ubuntu.vmx.


vmrun -h https://vSphere-IPAddr:8333/sdk -u root -p pwd reset “[type] vm-name.vmx”.

Finally, if you wish to Restart your VM, use the reset parameter.


[root@localhost ubudevsrv1]# vmrun -h -u root -p p@ssw0rd reset “[standard] centos_server_2/Centos-5.5.vmx”

The above command will Reboot the VM named “[standard] centos_server_2/Centos-5.5.vmx”.

Posted in LINUX, System Administration, Virtualization | No Comments »

[SOLVED] How to correctly integrate Google Drive with “My Documents”.

May 27th, 2014 by Andrea Matesi


Today I was messing with Google Drive and the Windows Libraries.


Google Drive logoWindows Libraries

My idea was to integrate both products so I could access my data from everywhere.

If you want to skip the details and jump to the conclusion, please refer to the heading named SOLUTION (or How to correctly integrate your “My Documents” with Google Drive) -- scroll below.


Windows Libraries for infants.

For newborns, Windows Libraries are a “catalog”-type of a special folder.

Instead of standard files & folders, they contain “links” that point to other folders.

For example, when you open Windows Explorer.exe (Win+E), by default you’ll find a “Libraries” list (on the left).

Each Library (let’s say Documents), shows you your files & folders, ‘though the actual files and folders are located somewhere else.

For example, the Documents Library holds your Documents Folder Content (ie. C:\Users\%username%\My Documents\), along the Public Documents (normally located by default at C:\Users\Public\Documents).

To manage what to show within a specific Library:

  • Right Click on the Library (ie. Libraries -> Pictures).
  • Click on “Properties”.
  • On the popup window, Add/Remove the folders locations you’d like to include.

Now, for the readers who agree on Google Drive’s value, what I wanted to achieve was a convenient integration between “My Documents” Library (on my PC) with Google Drive (in the Cloud).

In other words, I wanted to host my “C:\Users\andrea\My Documents” within my Google Drive root.

That way, C:\Users\andrea\Google Drive\My Documents would still be available within my “Documents”-Library.


How to NOT integrate Google Drive with “My Documents”.

So I went into C:\Users\andrea\ with explorer.exe and right-clicked on Mt Documents.

Then “Properties” -> “Location”-tab and I pointed the Destination to C:\Users\andrea\Google Drive (since I thought my ENTIRE “My Documents”-folder would’ve been relocated as-it-was to my Google Drive root).

The expected end result would’ve been C:\Users\andrea\Google Drive\My Documents.


Error No.1

Unfortunately something went wrong and I ended up with a C:\Users\andrea\Google Drive == C:\Users\andrea\My Documents folder.


Error No.2

Since this IMHO is suboptimal, I tried to rollback by relocating “My Documents” to somewhere else.

Whoa! that definitely killed my Google Drive folder!


Error No.1 & No.2 FIX.

To fix the above scenario, I had to “unlink” my computer from Google Drive first (which is a PITA, since after you uploaded a couple of gigs to it, you have to clean it from the web side, then re-upload everything -- unless you’re OK with downloading all your duplicates, that is!).


SOLUTION (or How to correctly integrate your “My Documents” with Google Drive).

Lesson learned: if you wish to relocate your Documents to Google Drive:

  1. Please first create a NEW Folder inside C:\Users\%username%\Google Drive\ and name it (conveniently) “My Documents”.
  2. Make sure the New Folder is synched to Google Drive.
  3. Right Click on your (real) “My Documents”-folder Properties.
  4. Click on the “Location”-tab.
  5. Click on the “Move”-Button.
  6. Select the New Folder created at step No.1
  7. Click OK to Confirm and wait for the file transfer process to relocate all your stuff over there.

This way you’ll end-up with a “My Documents” subfolder of C:\Users\andrea\Google Drive\ (ie. C:\Users\andrea\Google Drive\My Documents).

  • The advantage of this setup is that it allows you to store, say, your “My Documents” and your “My Pictures” on Google’s Drive.

Also, if you happen to have an “home” folder on your Mac and/or your Linux-based system, the separation allows you to distinguish between each OS.

That is good since some Windows Programs have the (good or bad?!) habit of dumping stuff (ie. Savegames, etc.) into your “My Documents”-folder (that you don’t want to “see” when on a Mac or Ubuntu).

Now, if Documents doesn’t come up on your Libraries, right click then & add your “C:\Users\andrea\Google Drive\My Documents” to it!

Happy cloud computing!


I made a mess of my files, please help?!

[BONUS]: did you happen to mess it badly and now, after you Right Click on your “My Documents”-folder, the “Location”-Tab is missing?!

No problem:

  1. Fire regedit
  2. Go to “HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\User Shell Folders”.
  3. Specify on which folder the Location-Tab should appear!




Posted in dirty hacks, Microsoft, Tips and Tricks., Windows 8/8.1 | No Comments »

Samba share on Ubuntu Server Host.

December 29th, 2013 by Andrea Matesi

I experimented with the manual creation of a samba share on an instance of Ubuntu Server. Here’s the commands I used…

sudo su
useradd amatesi
smbpasswd -a amatesi
vi /etc/samba/smbusers <- insert the following: amatesi = “network username”

smbpasswd -a amatesi
addgroup samba-users
adduser amatesi samba-users

chown -R root:samba-users /var/samba-share
chmod -R 771 /var/samba-share

/etc/samba/smb.conf content:

comment = samba-share directory
path = /var/samba-share
public = yes
writable = yes
valid users = amatesi
create mask = 0771
directory mask = 0771
force user = amatesi
force group = samba-users

/etc/init.d/samba restart

One synonym for guest access is “public = yes”.

To access the shared folder from Windows, “Start” -> “Run…”:


And replace 192.168.x.x with your actual Ubuntu Server IP address sharing the folder.

To access the shared folder from a Linux GUI, type the following in Konqueror or Nautilus:


To access the shared folder from a Linux terminal or console:

smbclient -L SERVER-NAME

If the command above doesn’t work, try the following command:

smbclient -L SERVER-NAME -I 192.168.x.x

…where SERVER-NAME = netbios name from /etc/samba/smb.conf and 192.168.x.x is the Ubuntu server hosting the files.

To delete a network user:

sudo smbpasswd -x system_username

To Enable SWAT.

edit the /etc/xinetd.d/swat file and make it similar to the following:

# SWAT is the Samba Web Administration Tool.
service swat
socket_type = stream
protocol = tcp
port = 901
wait = no
user = root
server = /usr/sbin/swat
#    only_from =
log_on_failure += USERID
disable = no

/etc/init.d/xinitd restart

Then restart the xinitd daemon


Posted in LINUX, System Administration | No Comments »

« Previous Entries