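Getting User Permissions with PowerShell

1 Introduction

In day-to-day work, we may need to find out which files on a file server a given user has permissions on, and what those permissions are. The requirement looks simple, but in practice it is not so easy.

icacls can export an aclfile, but the contents of that aclfile are very unfriendly and hard to search. If a large number of files is involved, it is basically of no practical use. Sysinternals has a tool, AccessChk, that can retrieve a user's permissions, but the current version does not support Chinese.

PowerShell can meet this requirement.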


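Some Operations on Let's Encrypt Certificates (Certbot)

1 Introduction

Caibaoz.com uses a Let's Encrypt certificate for SSL encryption (that is, HTTPS), but what should be done when the site is migrated, or when a subdomain also needs HTTPS? This article briefly answers these 2 questions.

One point to note: Let's Encrypt itself is only a CA and is responsible only for issuing certificates. Requesting certificates and renewing them automatically is done with tools. I use Certbot, so this article mainly covers Certbot commands.

Finally, this article applies only when you have shell access (you run your own web server).

1.1 Software versions

Operating system: Debian 9

Web server: Apache 2.4

Certbot: the version installed from Debian backports, following the Certbot installation documentation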


Site-wide HTTPS

1 Procedure

Start the MariaDB monitor:

mysql

Select the WordPress database (replace the italicized part with the actual database name):

MariaDB [(none)]> use wpadmin;

Replace http://caibaoz.com with https://caibaoz.com in the blog posts (replace the italicized part with the actual domain name):

MariaDB [wpadmin]> UPDATE wp_posts SET `post_content` = REPLACE (`post_content`, 'src="http://caibaoz.com', 'src="https://caibaoz.com');

If the installation hosts multiple sites, run a similar command once for each site (replace the "2" in wp_2_posts with the actual site ID):

MariaDB [wpadmin]> UPDATE wp_2_posts SET `post_content` = REPLACE (`post_content`, 'src="http://caibaoz.com', 'src="https://caibaoz.com');

2 References

2.1 Replacing Image Links in WordPress After Installing an SSL Certificate

2.2 Error 1046 Mariadb: No database selected


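Windows Server Backup Error 2155348301

Update, November 27, 2016: the antivirus software on the file server was Kaspersky Security 10 for Windows; the problem was only finally resolved after switching to Kaspersky Security 10 for Windows Server. Treat the content below as reference only.

1 Symptoms

The file server runs Windows Server 2008 R2 Enterprise. The E:\SharedFiles directory is backed up with Windows Server Backup to local disk G, once a day.

When this backup schedule actually ran, backups succeeded for only 2 days; from the 3rd day on, the backup failed. After the backup data was deleted, backups succeeded for 2 days again, and from the 3rd day on they still failed.

Error messages like the following appear under "Event Viewer -> Windows Logs -> Application":

[Image: windows-server-backup-error-2155348301_01]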


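Enabling Routing and NAT on Windows XP

1 Requirements overview

[Image: enable-routing-and-nat-of-windows-xp_01]

As shown in the figure above, the server and both PCs run Windows XP, and the goal is to reach the address http://10.3.3.3 on the leased-line network from the PCs. However, the leased-line network terminates at the server's network adapter 2, and no route to 192.168.1.x/24 has been added on the routers in the leased-line network. In this situation, enabling routing and NAT on the server achieves the desired result.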


How to create or move a global catalog in Windows Server 2003, Windows 2000, or Small Business Server 2000

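Our company's domain controller runs Windows 2000. We hit a USN rollback problem during virtualization and resolved it by following this article, so it is reposted here.
Original article: https://support.microsoft.com/en-us/kb/313994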

SUMMARY

This article explains how to create a new global catalog server. This may be necessary if you need additional global catalog servers (e.g. to support an Exchange 2000 roll out) or if you want to move the global catalog server role to a different domain controller.

There may be occasions when it is necessary to create a new global catalog to replace an existing one, or to add a new global catalog. Microsoft recommends the following method:

  1. Create a new global catalog on a second domain controller.
  2. Wait for the account and the schema information to replicate to the new global catalog. For single domains, this is relatively straightforward. For multiple domain networks, full replication will take additional time, depending on the complexity of the network. The new global catalog will be created by normal Active Directory (AD) replication and depending on the structure of your AD forest, this replication could take considerable time.
  3. Remove the global catalog from the original domain controller (optional).

By default, Windows 2000 will only place a Global catalog on the first Domain Controller in each AD forest.

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

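Our company's domain controller runs Windows 2000. We hit a USN rollback problem during virtualization and resolved it by following this article, so it is reposted here.
Original article: https://support.microsoft.com/en-us/kb/255504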

SUMMARY

This article describes how to use the Ntdsutil.exe utility to transfer or to seize Flexible Single Master Operations (FSMO) roles.

MORE INFORMATION

Certain domain and enterprise-wide operations that are not good for multi-master updates are performed by a single domain controller in an Active Directory domain or forest. The domain controllers that are assigned to perform these unique operations are called operations masters or FSMO role holders.

The following list describes the 5 unique FSMO roles in an Active Directory forest and the dependent operations that they perform:

  • Schema master - The Schema master role is forest-wide and there is one for each forest. This role is required to extend the schema of an Active Directory forest or to run the adprep /domainprep command.
  • Domain naming master - The Domain naming master role is forest-wide and there is one for each forest. This role is required to add or remove domains or application partitions to or from a forest.
  • RID master - The RID master role is domain-wide and there is one for each domain. This role is required to allocate the RID pool so that new or existing domain controllers can create user accounts, computer accounts or security groups.

How to remove data in Active Directory after an unsuccessful domain controller demotion

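Our company's domain controller runs Windows 2000. We hit a USN rollback problem during virtualization and resolved it by following this article, so it is reposted here.
Original article: https://support.microsoft.com/en-us/kb/216498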

SUMMARY

This article describes how to remove data in Active Directory after an unsuccessful domain controller demotion.

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

The Active Directory Installation Wizard (Dcpromo.exe) is used for promoting a server to a domain controller and for demoting a domain controller to a member server (or to a stand-alone server in a workgroup if the domain controller is the last in the domain). As part of the demotion process, the wizard removes the configuration data for the domain controller from Active Directory. This data takes the form of an NTDS Settings object that exists as a child of the server object in Active Directory Sites and Services.


Domain controllers do not demote gracefully when you use the Active Directory Installation Wizard to force demotion in Windows Server 2003 and in Windows 2000 Server

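Our company's domain controller runs Windows 2000. We hit a USN rollback problem during virtualization and resolved it by following this article, so it is reposted here.
Original article: https://support.microsoft.com/en-us/kb/332199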

SYMPTOMS

Microsoft Windows 2000 or Microsoft Windows Server 2003 domain controllers may not gracefully demote by using the Active Directory Installation Wizard (Dcpromo.exe).

CAUSE

This behavior may occur if a required dependency or operation fails. These include network connectivity, name resolution, authentication, Active Directory directory service replication, or the location of a critical object in Active Directory.

RESOLUTION

To resolve this behavior, determine what is preventing the graceful demotion of the Windows 2000 or the Windows Server 2003 domain controller, and then try to demote the domain controller by using the Active Directory Installation Wizard again.


How to detect and recover from a USN rollback in Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2

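Our company's domain controller runs Windows 2000. We hit a USN rollback problem during virtualization and resolved it by following this article, so it is reposted here.
Original article: https://support.microsoft.com/en-us/kb/875495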

SUMMARY

This article describes a condition that occurs when a domain controller that is running Windows 2000, Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 starts from an Active Directory database that has been incorrectly restored or copied into place. This condition is known as an update sequence number rollback, or USN rollback.

When a USN rollback occurs, modifications to objects and attributes that occur on one domain controller do not replicate to other domain controllers in the forest. Because replication partners believe that they have an up-to-date copy of the Active Directory database, monitoring and troubleshooting tools such as Repadmin.exe do not report any replication errors.

After hotfix 875495 or Windows Server 2003 Service Pack 1 is installed, a Microsoft Windows Server 2003 domain controller logs Directory Services event 2095 when it encounters a USN rollback. The text of the event message directs administrators to this article to learn about recovery options.
