Crude backup utility #02

Having finally got my head around robocopy (as recommended by an anonymous commentator on this site !)  here is a syntax that works for an active directory – member computer:
  • robocopy "C:\Users\xxxxx\Desktop\USB\A folder" I:\ *.* /e /zb /copyall /eta /log:I:\backup.log /tee

The important elements here are:

  • "C:\…" is the source folder; if there are spaces in the path, you must include quote marks;
  • I:\ is a USB key, which is the destination path; again if this includes spaces you must use quote marks;
  • *.* are they types of files you want to copy; this stands for everything, *.doc would only copy Microsoft Word documents (for example);
  • /e copies the entire subfolder tree.

I’ll edit this to include all the switches when I remember.

VMWare CD drive

If you use VMWare workstation and haven’t discovered this yet, you can use an ISO CD/DVD image instead of an actual physical CD Drive. This makes VMWare workstation much more flexible- you can build an entire OS + all necessary applications without having to fiddle around with CDs, just switch to a different ISO image at any point.

Google search tip

You may or may not know this already, but by adding "<space>" to the end of your Google query you can limit your results to a specific website- so, for example, "9/11" will ask Google to return pages about 9/11 specifically from BBC news rather than the whole web.

Suggested PC operating system configuration

Obviously this is only a suggestion and doesn’t take into account more advanced hardware options- if you have enough physical hard disks for a RAID5 array then I think it’s worth sacrificing the suggestions below for RAID5 (where your 3 disks become one, losing any option of moving the virtual memory to another hard disk).

Configuration 1- single hard disk.

It’ll depend on your OS, but for Windows XP I would have two partitions; a 30GB partition for XP, and the remaining space for your data (photos, saved games, office documents etc).

Configuration 2- 2 x hard disks.

Pretty much as above, but dedicate 1 HD to Windows XP and the other to your data, but move the swap file (virtual memory- see "Virtual Memory" section below) to the second hard disk; this should speed up your PC slightly (and "slightly" means probably in the realm  of nano- or milli- seconds, not whole seconds).

Virtual Memory.

To reconfigure virtual memory on windows XP (possible also Windows 2000 and Vista), follow these instructions (also as shown in the attacehd image).

  • Right click "My Computer"
  • Choose the "Properties" option
  • Once the "System Properties" page is shown, choose the "Advanced" tab
  • Choose the "Performance" > "Settings" button
  • When the "Performance Options" page is displayed, choose the "Virtual memory" > "Change" button
  • You should see a list of drives/ partitions listed in the page now displayed; by clicking on a drive/ partition and the "Custom size" radio button you can alter the size of the virtual memory on different drives-setting the virtual memory on one drive to 0MB (effectively turning it off) and moving it to another drive. This way you can move the virtual memory available to XP to a different physical drive- so if drive C: is one physical hard drive and drive D: is another physical drive, set the size of the virtual memory on drive C: to 0 MB and the size on drive D: to roughly twice the amount of physical memory you have (e.g. 3072 MB for 1.5GB of RAM; 8192 MB for 4GB of RAM).

Another tip is to fix the size of the virtual memory to a certain amount- so instead of setting the custom size to between 2048-3072, just set both sizes to 3072-3072. This means Windows won’t have to adjust the size of the virtual memory while it’s running- it sets of block of disk space when the PC starts and can just fill it up as needed without having to adjust the size of the file it uses as virtual memory.

But a word of warning; only adjust the virtual memory if you have a different physical drive available. I think it might make things worse (slower) if you set virtual memory on a different partition of the same physical drive as the drive will have to work harder to use the virtual memory by switching from the operating system partition to the virtual memory partition.

Password security

Okay… having just found this site (!1pt1v0Q4vD8jSvNS4lqdAuug!246.entry) I thought I’d provide a few more hints about good passwords ! But ultimately the comment by EshuunDara is what’s needed; multiple-stage authentication using smartcards, passwords etc… But then this isn’t always possible or practical.

A couple of tips for creating secure but still (hopefully) quite easy to remember passwords:

  • Use your mobile ! Some Nokia’s have a PIN protected "Wallet"; I’m not saying it’s uncrackable (I’d probably be horrified) but it must be safer than a post-it note on the monitor (surely ?).
  • Use non-English words. It might not be very secure but I used Ophcrack ( yesterday and it failed to find a simple word with a number attached- and I’m assuming that this was because it was non-English, not because the password was particularly secure.
  • Contract a meaningful phrase into a password: "I went on holiday to Barbados in 2007" becomes "IwohtBi2007". Make it harder; switch the "to" for a "2" and use the last two digits of the year: "Iwoh2B07". This would be much harder than just "Barbados07", is a fairly random mix of characters but still quite memorable.
  • Make the password as long as you can manage- I’m not sure of the maths, but each extra character makes the passwsord a lot harder to crack (using things like capitals, symbols and numbers helps a lot too, but beware using symbols that can change places or meaning on different language keyboards layouts- the # and £ swaping places, for example)
  • Of course, if you can actually remember random numbers then all the better…

Active Directory replication part 2

Make sure you’ve read part 1 before using this entry.
You should now have a command line window open running on a remote domain controller (a "faulty" one) as a domain admin user thanks to psexec with it’s Z: drive mapped to a path on the netlogon share of your domain controller. Next:
  • type "z:\ntfrs.cmd SourceDomainController DestinationDomainController"
  • Where SourceDomainController is your "master" dc, DestinationDomainoController is the dc that isn’t replicating properly.
  • The batch file uses a couple of registry keys + services to force the faulty dc to receive the whole AD configuration again; the detail is that it stops the File Replication Service, inserts a registry key to force the FRS service to receive the entire (working) FRS partition, re-starts the FRS service, forces a full replication both ways between the two domain controllers, sets the same registry key back to 0 (to stop the FRS partition replicating in its entirety) then quits.

Active Directory replication part 1

I’m splitting this entry into two deliberately, as there are two seperate batch files involved + it’ll become messy.
We’ve had a problem recently with our sites getting out of synchronisation + therefore being unable to replicate and I’ve been searching for the least disruptive/ dangerous fix so have come up with the following automated system. You’ll need this download from my public Windows folder:
  • You will need to modify some of the configuration of the following batch files to match your Active Directory set-up; I haven’t had time to investigate whether I can create wildcard batch files that will pick up FQDNs etc, nor can I tell what other people’s servers are called.
  • The contents of the "AD Replication" folder ( (psexec.exe is part of SysInternals suite-; if you’re a Windows server administrator and haven’t used the SysInternals suite before then take a look- they’re brilliant Windows tools.)
  • Copy the entire "AD Replication" folder to the netlogon share of a domain controller- preferably a stable one.
  • There are two batch files in the above folder. The first one you need is "start.cmd" which takes two parameters: the first is a domain controller, the second is an old-style (NT4) username. So type in the path to the cmd file followed by the two parameters, like this:
  • \\YourDomainController\FolderName\start.cmd YourDomain\AnyDomainAdminUser
  • The path I’m using in the two batch files is \\DomainController\netlogon\ServerApps\NtfrsRep\ but these can easily be changed as long as you modify all the paths in both cmd files (otherwise this system will (a) not work and (b) could mess things up badly !)
  • This cmd file start psexec with domain admin rights (a bit dangerous !) and runs a remote command line with drive Z: mapped to the path you put in above(\\YourDomainController\FolderName\) on the server you want to fix.
  • Now read part two !