Saturday, 28 September 2013

Windows server 2012 switching from Core to GUI (rant) and bloody Error: 0x800f0906

I have wasted quite some time figuring out why the hack would the change procedure for switching from Core to GUI not work when I know I have run the exactly same procedure before and it did work. But no, this time all I got was a nice error...
So, you do this (install GUI from the install.wim file with the index of 2 - Server 2012 Standard Full):

Install-WindowsFeature -Name "Server-Gui-Mgmt-Infra" -Restart:$false -source wim:D:\sources\install.wim:2

And receive a generous error of  0x800f0906 with the text saying that you should supply the source...
The same thing happens when you try to switch by using the DISM command (well not exact error but you get an error saying you should try adding the source).

Every possible web site I could find was telling me that all I needed to do was what I have already done - just add the -source to PowerShell commands or /Source to the DISM command and point it to the correct source (Either the SxS directory or a WIM image) for instance like on an excelent page like this one.
Well the issue seems to be that if you have installed Server Core at the beginning and then installed Windows updates (I had about 36 updates that needed to be added), your sources (SxS directory or WIM image file) are not the correct version any more and the commands will not recognize them as sources...

So what to do?

Well you can modify your WIM file by adding the updates to it - depending on how many updates you need it will take you some time to list them (link on how to do it here) and then download them all (link on to how/where to get updates here).
There is one thing you should do which the above page about downloading them does not tell you - you need to copy each individual .msu file to a common directory - normally when you would use the above procedure you will get files saved in their own directories named by the updates themselves, but the DISM /Add-Package command expects for them all to be in the same directory (or you would have to run the DISM command for each and every .msu file individually).

Another way to solve this issue might be to just use the SxS directory from a machine with the same OS Version, already updated to the same level (like another 2012 server with GUI), share that directory over the network and use it as the source for your Core to GUI upgrade (did not try that one but supposedly it should work).

Well probably the easiest way to not fall down this specific hole is to actually install the GUI when installing the system for the first time, and then switch to the Core version without removing the payload. It will use some disk space (compared to the pure Core version), but other than that you should be fine.


Sending encrypted (7z AES-256) files to/from your Dropbox

Protecting your important files that you still want to have easily accessible on Dropbox can be done in multiple ways. There are quite some services out there that offer encryption on top of the existing Dropbox service, but most of them require installing additional software, or have some kind of limitations while using them on multiple OS/devices.
However using an open source utility souch as 7-zip enables you to do it a bit more multi OS capable, for no financial fee at all. It does however require you to utilise a set of scripts, which can be used for sending (encrypting) files to Dropbox and decrypting them when you want to access their content.

The article here by Anil Avadhani, describes how to create a set of scripts to utilise the above premisis - sending/encrypting and receiving/decrypting files on your Dropbox. It is focused on Windows OS (windows 7 to be precise), but with little shell scripting knowledge you can do the same on many varieties of GNU/Linux or BSD* OSs, probably also on Macs (I am not an expert on the latter). There are also utillities available for Android (I use ZArchiver) and iPhone that enable you to open files encrypted in such manner, so even if you are trying to access them via your mobile device you should be still able to do it.

What I have done here is changed a little bit of the scripts by Anil Avadhani, since his implementation uses password stored in plaintext inside the script itself, which is not up to my liking.

So I have created two simple scripts, one in PowerShell and one (a lot simpler) in WScript. You can utilise them by simple changing Anil's scripts in the following manner.
Anils original scripts (.bat files) conaint the following lines:
REM Set default password for encryption
SET keyphrase=Enter_Your_Password_Here_Using_Alphabets_And_Digits_Only

just change that to (add REM in front of the SET keyphrase=... line):
REM Set default password for encryption
REM SET keyphrase=Enter_Your_Password_Here_Using_Alphabets_And_Digits_Only

and add the following lines after it (uncommend - remove REM in front of the code you would like to use - WSCript - if you lack PowerShell or leave as it is to use PowerShell):
REM If your computer does not have PowerShell installed or if your execution policy is too restrictive use
REM the following VBS script, (less secure)
REM Read vbs script output and store it into a variable
REM for /f "tokens=*" %%i in ('cscript //nologo %~dp0Read_Pass.vbs') do set keyphrase=%%i
REM for computers with PowerShell use the following line
for /f "tokens=*" %%i in ('powershell -ExecutionPolicy Bypass -File %~dp0Read_Pass.ps1') do set keyphrase=%%i

You will of course need to add the two files to the same directory you have created Anils .bat files in. In my case I just put everything on the Dropbox folder and that way I don't have to recreate scripts on each computer I use them on, I just have to add the shortcuts to them to the "Send to" menu. Anils blog discribes the method on how to do it on Vista/Windows 7. To find the Send To folder on windows 8 just paste the following command into the run dialog:

Here are the actual code for the PowerShell part (just copy/paste-it into a new file with a .ps1 extension):
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing") 
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") 
$objForm = New-Object System.Windows.Forms.Form
$objForm.Text = "Enter Password"
$objForm.Size = New-Object System.Drawing.Size(280,150)  #the size in px of the window length, height
$objForm.StartPosition = "CenterScreen" #loads the window in the center of the screen

$MaskedTextBox1 = New-Object System.Windows.Forms.MaskedTextBox
$MaskedTextBox1.PasswordChar = '*'
$MaskedTextBox1.Top = 40
$MaskedTextBox1.Left = 20

$MaskedTextBox2 = New-Object System.Windows.Forms.MaskedTextBox
$MaskedTextBox2.PasswordChar = '*'
$MaskedTextBox2.Top = 60
$MaskedTextBox2.Left = 20

$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter") 
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape") 

$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(15,85)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"

$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(90,85)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"

$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(5,10) 
$objLabel.Size = New-Object System.Drawing.Size(250,30) 
$objLabel.Text = "Please enter the password into both fields and press OK to continue:"

$objForm.Topmost = $True

function SubmitPWD {
if ($MaskedTextBox1.Text -eq $MaskedTextBox2.Text)
Write-Host $MaskedTextBox1.Text
} else {
$objLabel.Font = New-Object System.Drawing.Font("Verdana",10)
$objLabel.BackColor = [System.Drawing.Color]::Red
$objLabel.Text = "Password entry mismatch, please reenter passwords:"
$MaskedTextBox1.Text = ""
$MaskedTextBox2.Text = ""
$OKButton.Text = "Retry"

[void] $objForm.ShowDialog()

and for the WScript it is a bit simpler, just a couple of lines:
' Read_Pass.vbs
' Read password (input string) and echo it to console
' Sadly does not have any kind of text hashing without using external dll files
' you can improve it by using dll from:
UserInput = InputBox( "Please enter the password (alphanumeric only): ", "Send to/from 7z AES/Dropbox PWD" )
WScript.Echo UserInput

And that should be it. If you find it usefull drop me a note. Big thanks to mr. Anil Avadhani for thinking of it and writing the instructions for the whole process in the first place.

Have fun...

Friday, 13 September 2013

Apt-Cache Server and Ubuntu

I have to admit, that I don't know how I lasted this long without an apt-cache server. Everytime I would update the systems I have on one of the locations I would download updates on each of the machines, because I was too impatient to wait for one of them to finish to go to the next one I ran them all simultaneously and of course that made it even worse ;) So now I finally set up the apt-cache server. Setting it up according to the Ubuntu help web page worked quite well, with one minor exception - Import of existing packages with the following command:
sudo /usr/share/apt-cacher/ -l /var/cache/apt/archives
That created the links in the apt-cacher directory, but afterwards would issue errors in the logs when trying to change the files there and the clients access was denied and they downloaded the files anew from the net.
So just skip that one (I did not try to import the whole CD/DVD image, don't know what that one does, but it might work better since it would copy files and not link them on disk).

So now, first time apt-get update or upgrade command fetches/refreshes the cache, the next machine that does the query gets files cached and downloads everything from the LAN with full speed ;)

For instructions just follow the above link, and you should be fine.

So happy apt-ing ;)