Saturday, January 31, 2009

Insert utf-8 unicode data with PHP and MS SQL Server

The n- columns offer the best solution. I would give ADODB another
shot. COM is problematic in PHP4. Support might have improved in PHP5.
In theory, if you pass CP_UTF8 as codepage to COM(), you'd get UTF-8
text out of the resultsets. I remember that when I tried it though,
nothing happened. This was a couple years ago. Maybe newer versions of
ADODB would work better.

If you're using PHP on a Windows platform you can use the PHP COM
extension to communicate with SQL Server via ADO. The PHP COM extension
is capable of translating UTF-8 to UCS-2 and back if you specify so as
the third parameter:

$oDb = new COM('ADODB.Connection', NULL, CP_UTF8);

This way you can use Unicode UTF-8 within PHP and Unicode UCS-2 within
SQL Server with all the translations done for you automatically.

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<form action="p.php" method="POST">
password<input type="text" name="password">

note<input type="text" name="note">

<input type="hidden" name="submist_info" value="yes">
<input type="submit">
$myServer = "localhost";
$myUser = "";
$myPass = "";
$myDB = "";

//create an instance of the ADO connection object
$conn = new COM ("ADODB.Connection", NULL, CP_UTF8)
or die("Cannot start ADO");

//define connection string, specify database driver
$connStr = "PROVIDER=SQLOLEDB;SERVER=".$myServer.";UID=".$myUser.";PWD=".$myPass.";DATABASE=".$myDB;
$conn->open($connStr); //Open the connection to the database

//declare the SQL statement that will query the database
$query = "SELECT TOP 1 * FROM my_member ORDER by ID desc";

//execute the SQL statement and return records
$rs = $conn->execute($query);

$num_columns = $rs->Fields->Count();
echo $num_columns . " Fields

for ($i=0; $i < $num_columns; $i++) { $fld[$i] = $rs->Fields($i);

echo "";

while (!$rs->EOF) //carry on looping through while there are records
echo "";
for ($i=0; $i < $num_columns; $i++) { echo "";
echo "";
$rs->MoveNext(); //move on to the next record

echo "
" . $fld[$i]->value . "

if( $_POST['submist_info'] == "yes" ){
$password = $_POST['password'];
$note = $_POST['note'];

//$password = mb_convert_encoding($password,"UCS2","UTF-8");
//$note = mb_convert_encoding($note,"UCS2","UTF-8");

// Note: the N before the value data. N stands for National Character for inserting unicode utf-8 to SQL server
$query = "INSERT INTO cwn_member ( name, password, note2 ) VALUES ( 'dan".$i."', N'".$password."', N'".$note."' ) ";


//close the connection and recordset objects freeing up resources


$rs = null;
$conn = null;


on top of the script:


before querying data:

SET NAMES 'utf8';

use php to connect to MS SQL server

$myServer = "localhost";
$myUser = "";
$myPass = "";
$myDB = "";

//create an instance of the ADO connection object
$conn = new COM ("ADODB.Connection")
or die("Cannot start ADO");

//define connection string, specify database driver
$connStr = "PROVIDER=SQLOLEDB;SERVER=".$myServer.";UID=".$myUser.";PWD=".$myPass.";DATABASE=".$myDB;
$conn->open($connStr); //Open the connection to the database

//declare the SQL statement that will query the database
$query = "SELECT * FROM test_member";

//execute the SQL statement and return records
$rs = $conn->execute($query);

$num_columns = $rs->Fields->Count();
echo $num_columns . "

for ($i=0; $i < $num_columns; $i++) {
$fld[$i] = $rs->Fields($i);

echo "";

while (!$rs->EOF) //carry on looping through while there are records
echo "";
for ($i=0; $i < $num_columns; $i++) {
echo "";
echo "";
$rs->MoveNext(); //move on to the next record

echo "
" . $fld[$i]->value . "

//close the connection and recordset objects freeing up resources

$rs = null;
$conn = null;

Friday, January 30, 2009

Permission Issue After Backup & Restore

Permission Issue After Backup & Restore

I have a system at work and 1 at home. When I backup the db from my work system and restore it to my home system, the user permissions are not working. I checked the properties of the database under the Permissions tab and I see Users, but when I click the Effective Permissions button, I get an error "Cannot execute as the database principal because "user_me" does not exist,..."

I check the Microsoft KB and got a hit, but that is for database ownership, not user permissions. I've had to work around this by creating a new user on my home system, but I would really like to figure out how to keep the same user name, etc. to keep the 2 systems the same. Thanks!

BTW, the SQL Server 2005 Express error message ID is 15517 and LinkId is 20476, but there is no page for this link when I click on it.


When you back up and restore you have to rerun the permissions script if you have one or re-issue the permissions manually for the users you had earlier.

You can generate the scripts for creating the permissions from your souce server. compile/execute them on the second server.

I think I have the procedure. Select DB, right-click, Tasks, Generate Scripts.

I'll select the Users and permissions to generate. Thanks for your help! I'll post when I complete the task.

The final fix was to drop the user from the database properties dialog. That way the login on the server where I restored the database could be assigned to the restored database without the "user already exists" error.


Score: SQL Server Express 2005 1 Me 1


l'll call it a night!

Missing Sql Server Management Studio - solution

Missing Sql Server Management Studio - solution
The other day I was installing SQL Server 2005 and realized that the installation did not install Management Studio. So I reinstalled the sql tools from the CD but that didn't work so I uninstalled and reinstalled, still no luck. The only item which would show up under start-> programs-> Microsoft SQL Server is the Configuration Tools. If you are having the same issue you've come to the right place.


SQL Server Management Studio did not install with sql server 2005


When installing visual studio you may have installed SQLExpress, which created a tools folder in "C:\Program Files\Microsoft SQL Server\90". SQL Server installation will look for that folder and if it's found it will simply move on.

Solution: Rename the tools folder in C:\Program Files\Microsoft SQL Server\90 and then reinstall the tools and components off the CD.

This solution seems to be working for most people. Give Props to Koti for solving the problem.

KOTI: Recommends re-installing tools by gonig to set-up files and double clicking "SqlRun_Tools" exe file, then selected necessary tool to be installed. which worked like gem.

Hope this helps someone out.

Pete Orologas

Published Thursday, October 12, 2006 5:04 AM by Porologas
Comment Notification
If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Brent Arias said:
I think MS discovered this valuable solution of yours, and disabled it. I ran into the same problem (WinXP, Visual Studio 2005 Professional installed, then installed SQL Server 2005) of not having Management Studio. When I renamed the directory you mentioned, it just caused all kinds of problems with the installer (and the installer would just re-create the directory immediately anyway, sans studio).

But another trick worked. After I select the tools component for installation, using the tools installer executed directly from the CD, the next step says something like "the following items are already installed, and so are ignored" - it lists a documentation component as already installed, and shows a checkbox by it. It gives no explanation of what the check box is for. If you simply hit "next," you are told the installer has nothing to do (and you are doomed). But If you click the check box on the documentation item and hit next, it causes the tools to be uninstalled and re-installed with management studio. Problem solved.

What could possibly be more intuitive?

December 6, 2006 12:26 AM
Guli Polla said:
I have 64but version and neither of these options worked for me

Nothing happens if I change the name tools folder in either the 64bit or x86 paths

and the check box is not aviable as per the second solution!!!

December 13, 2006 5:48 AM
John Reynolds said:
I have a Visual Studio 2005 upgrade to VS '03. I had to reinstall Windows, and so directly installed VS without first installing the older version. Visual Studio installed, but I was never able to get SQL Svr management studio to install because it was "already installed". I finally clicked on "More Information" or some such, after which I found out that it's an upgrade and I have to install Sql Server 2000 first.

I'm beginning to hate the way Microsoft treats its paying customers.
February 7, 2007 2:31 PM
Lu Cao said:
I got same problem with SQL Server 2005.
I installed Visual Studio 2005 first, then install SQL SERVER 2005 64bit on Vista 64bit OS. but not install SQL Server Management Studio. tied to download form MS webstie. got error code "29506". tied uninstall SQL server 2005, not successed.
tied detele register on REGEDIT. reinstall SQL SERVER 2005 64bit. still not installed SSMS.

I dont know what can i do now. only way reload OS. but have to call MS actived OS and Microsoft 2007. so bad.
April 3, 2007 7:02 PM
koti said:
Hi, when i faced same issue, i tried to re-install tools by gonig to set-up files and double clicking "SqlRun_Tools" exe file, then selected necessary tool to be installed. which worked like gem.

Hope this helps you all.
April 27, 2007 8:54 AM
Matrix1000 said:
What koti said worked for me! Thanks!!!
April 29, 2007 10:31 PM
Carla said:
I did the suggestion from Koti and it worked!! Been fighting with this for days...thanks so much!
May 4, 2007 9:19 AM
Grant said:
Koti's suggestion worked perfectly for me! Unbelievable that this is such an issue...methinks Microsoft has some work to do on this one. Thanks Koti!
May 7, 2007 12:15 PM
Jim said:
On vista. i had VStudio 2005 and had the same problem after installing sql 2005 developer.

steps i did
1) remove sql server in control panel / programs (it will give you an option of express sql and sql 2005) - VS 2005 seems to install express sql without any option.
2) select and remove express 2005 with all the rubbish
3) run SqlRun_Tools from the cd .
4) follow thru the installation and it works
May 14, 2007 4:47 AM
Hoa said:
Thanks for the solution.
May 19, 2007 3:49 AM
Larry D said:
Having the same issue as Jim. His solution did the deed. Thanks Jim
June 5, 2007 8:54 PM
Gra said:
Thanks so much for the info guys, my head was wrecked!
I didnt need to rename the folder, simply ran the SqlRun_Tools exe
June 13, 2007 3:42 AM
John Reynolds said:
Thanks for this solution! Add me to the list of those who were having this problem. I needed Management Studio, and not the Express version, so I could more easily copy a database.

(I'm a different John Reynolds than the one who posted above. What are the odds?)
June 14, 2007 9:34 AM
Myron Bollman said:
I had this problem also, and simply ran the SqlRun_Tools and all is fixed! Thanks for the hints.
June 14, 2007 11:38 AM
elpres said:
the file is called sqlRun_tools.msi on my disc, the solution worked fine.. im soooo glaaad, i hvae been looking for studio mangement in a week.
June 15, 2007 3:50 AM
Mattisimo said:
I was installing the x64 version of SQL and didn't get the MS. Thank you so much for your help. I wish I had searched before assuming there was something wrong with windows and reinstalling my OS.

Looks like it puts a lot in the x86 fodler when it does it correctly.

Thanks again. *tips hat*
June 20, 2007 12:48 PM
Christian Donner said:
This did not work for me, unfortunately, and I am still investigating. I assume it is because I upgraded to SP1 after the install and Windows applied several patches. Anyways, I am getting this error:

A component that you have specified in the ADD_LOCAL property is already installed. To upgrade the existing component, refer to the template.ini and set the UPGRADE property to the name of the component.
July 9, 2007 8:07 AM
Christian Donner said:
An update and a clarification: what did not work for me was the selective update of the client components. My distribution comes with a SqlRun_Tools.msi, not an exe. When I ran it I got the above error.
However, I was able to get the missing components by uninstalling the SQLExpress from the SQL Server setup (Control Panel, add/remove programs) - not the Visual Studio setup that originally installed. Once the Express edition was gone, I was able to re-run the SQL Server setup (the full version that auto-runs from the DVD) and install the missing pieces. I subsequently had to re-run the SP2 (not 1 as I misstated earlier) setup as well and it was only applied to the newly installed pieces.
July 9, 2007 9:26 AM
Jun said:
I got the same error with Christian Donner when I run the SqlRun_Tools.msi. But I don't want to uninstall the SQL server express edition since it is used for some vs2005 projects. Is there any solution without uninstalling SQL Express?

I have tried to rename the Tools folder and run SqlRun_Tools.msi again, not working either.
July 20, 2007 9:11 AM
Olen said:
My god, two computers, two installs. On the laptop, I had Sql 2005 express installed. So I uninstalled it. I uninstalled the mobile edition that was on there too. Then I found out that I needed to install IIS. Maybe I did, maybe not, but I installed. Then I had to run the install from the command line with an update parameter set because I still have other instances of SQL Server on the laptop. Finally, I got the tools to install. I think maybe I could have installed from the command line from the beginning and would not have had to go through all the trouble. I saw the management software. Now, since I'm on Vista, I then had to install service pack 2. It works now.

On my Desktop, I had already installed Sp2 when I realized I had an issue. So, I had to uninstall everything. It looks good now.

I've spent 3 hours with this. The install is very slow.
July 21, 2007 2:40 PM
Manny said:
already installed sp2 on standard and had sql express instance installed.
had to go to control panel and choose remove on SQL Server 2005. (was prepared to start again from scratch) Fortunately, there was an option to remove only workstation components. (the documentation was of a higher version number than what was on the DVD which was blocking the install) After that, using Koti's solution worked great!
July 27, 2007 11:12 AM
BIzz said:
File is called sqlRun_tools.msi on mine too the solution worked a treat, thanks Guys...
August 6, 2007 7:00 AM
vandba said:
Thanks for the solution! It works for me too.

August 8, 2007 9:38 AM
KAULIK said:
Hi guys,
I am Having the same problem.
I have searched the whole PC & SQL Server 2005 DVD for the "SqlRun_Tools.msi" but couldnt found .
please help me .

August 11, 2007 3:00 AM
The Chad said:
Manny's solution worked a charm......sound....
August 13, 2007 7:05 AM
veron said:
hey am havin da same problem ......plis help me
September 5, 2007 7:55 AM
jospeh said:
Neither of the above two solutions works for me,why?
September 15, 2007 10:51 AM
Ryan said:
Worked like a charm!!! Saved me so much time. Microsoft has officially become the bain of my existance this week. Also remember to rename the Tools directory to something like 'Tools_bak'.

September 28, 2007 11:10 AM
Eugene said:
Thanks a lot! it work!
October 2, 2007 1:29 PM
Eugene said:
Thanks a lot! it works!
October 2, 2007 1:29 PM
Mank said:
I had problems with it on Vista.

The solution was to remove SQl Express and then remove the Workstation Components from SQl Server 2005.
October 3, 2007 9:42 AM
Elmar said:
Thanks Koti, saved me a lot of time!
Just ran $\Tools\Setup\SqlRun_Tools.msi and got my Management Tools installed from there.
October 9, 2007 1:05 AM
Chris Mosby’s IT Blog » Blog Archive » SQL Express 2005 Advanced Won’t Install Studio said:
PingBack from
December 22, 2007 6:13 AM
Chris Mosby’s IT Blog » Blog Archive » SQL Express 2005 Advanced Won’t Install Studio said:
PingBack from
December 23, 2007 6:31 PM
Rohit said:
I also got the same problem of Management studio not getting installed
January 7, 2008 8:53 PM
Huxley said:
Thanks allot guys, this worked for me. I used Manny's solution but when i was trying to open SqlRun_Tools.msi i got some errors. If you are facing this problem try this. After you have installed the sql server and downloaded the sp2. Go to programs in control panel, click remove Microsoft sql server 2005 and only chose the workstation components. After that start the sql install agen and then only install the workstation components. this worked for me, hope this helps someone.
January 10, 2008 4:23 AM
Pooya said:
Thanks Huxley.
Huxley's solution works!
January 20, 2008 1:54 AM
om said:
omg so annoying,

I tried the sqlRun_tools.msi and it ran but I got some cryptic error message when trying to open management studio. I then read somewhere else that you have to re-apply SP2. So, I went to Microsoft updated and re-applied SP2 and it now works!!!

This was on the 64x version
January 29, 2008 12:45 PM
Nathan Heberley said:
Thanks guys,

The solution that worked for me was to
1. uninstall Express and the workstation components.
2. Then run SqlRun_Tools.exe
3. reinstall workstation components

My issue is that I had some third party software that was using express and now I have to install them again.

Thanks for your help guys
January 30, 2008 3:15 PM
Brent Welke said:
I too had prolems not being able to install until I also installed "windows installer Cleanup Utility". Google it, install from Microsoft.

Like me you may find some extra installs of "SQL 2005 Express tools" installed on your machine that you are not seeing in the "Add Remove Programs". This utility will help you delete them so you can install then again.

January 31, 2008 4:41 PM
Fist said:
Ok neither of these stuff did not work and i wanted to keep SQL Express. Here is what you do:

1. Rename "Tools" directory
2. Go to Add/Remove Programs and click on "SQL Server 2005" - remove
3. Click on "Workstation Components" and remove them
4. When that is done click again on "SQL Server 2005" this time "Change"
5. At the top you will notice a blue link that gives you option to install additional stuff
6. Click that and it will prompt you for "Setup.exe" find it in second cd of SQL Server (tools cd)
7. Add all stuff
8. Install

All done :)

Hope it helped
February 3, 2008 8:40 AM
Gajendran said:
thanks a lot. its very useful to me
February 5, 2008 9:30 PM
Plavvy said:
i had the same problem using SBS2003. I ran the install from the command line with the switch -> SKUUPGRADE=1. This then allowed me to override the previous installation.
February 6, 2008 6:18 AM
dattard said:
The sqlrun_tools solution worked for me. Cheers.
March 4, 2008 12:11 AM
Chuck said:
Yet another satisfied customer. Thanks for the info.
March 6, 2008 5:26 AM
KayDsouza said:
Wow that was helpful! Worked like a charm.
March 6, 2008 10:03 PM said:
PingBack from
March 26, 2008 1:53 AM
Ross Hawkins said:
April 20, 2008 9:30 PM
FREE STUFF! SIGN UP FOR FREE! - Page 49 - Money in the Bank | Money Maker | Make Money Online said:
PingBack from
May 6, 2008 8:48 PM
Sql Server 2005 Kurdum Management ? yok ? - Webmaster Forum & Webmaster Okulu said:
PingBack from
May 9, 2008 4:22 PM
sql server management studio said:
PingBack from
May 14, 2008 6:40 PM
CSIS blogs said:
Over the summer I went over various SQL server configurations that could work with/for our students in the labs (and also to be better informed when the inevitable questions would arise). I also wanted to be able to explore the wonderful new Integration
August 28, 2008 4:18 PM
CSIS Blogs said:
Over the summer I went over various SQL server configurations that could work with/for our students in the labs (and also to be better informed when the inevitable questions would arise). I also wanted to be able to explore the wonderful new Integrat
September 2, 2008 3:03 PM
Wayne Larimore - his Bloggin' Weighs said:
Missing SQL Server Management Studio
October 21, 2008 8:36 AM
instalacja MSSQL2005 developer edition na Vista Premium | hilpers said:
PingBack from
January 18, 2009 7:23 AM

Wednesday, January 28, 2009

ASP .. CDO.Message .. Charset (or Encoding) utf-8 unicode


Its the 8bit transfer encoding on the html part which is causing the
problem. It should be quoted-printable like the plain text alternative
part. I've come acroess this before on Win 2003 machines where CDO chooses
8bit encoding despite it being an in appropriate encoding for sending via

Trying adding this line before sending:-

..HTMLBodyPart.ContentTransferEncoding = "quoted-printable"

' ### sendMail to Multiple people. Separated by ; semi-colon (no spare in between)
Function sendMail( sender, mailList, subject, strBody)
bodyformat = 0 ' 0:HTML, 1:text
mailformat = 0 ' 0:MIME, 1:text

set objmail = Server.CreateObject("CDO.Message")
objmail.From = sender
' objmail.TextBodyFormat = bodyformat
' objmail.MailFormat = mailformat
objmail.Subject = subject

'objmail.To = mailList
objmail.Bcc = mailList
'objmail.Cc = ""

objmail.HTMLBody = strBody
objMail.HTMLBodyPart.Charset = "utf-8"
objMail.HTMLBodyPart.ContentTransferEncoding = "quoted-printable"

'objmail.TextBody = strBody
'objMail.TextBodyPart.Charset = "utf-8"
'objMail.TextBodyPart.ContentTransferEncoding = "quoted-printable"


set objmail=Nothing
'Response.Write "Done! mail has been sent!" & strBody & "

" & mailList
'sendMailx = "done!"
End Function

The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Excha

The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server
View products that this article applies to.
Expand all | Collapse all
SYMPTOMSYou explicitly configure the Send As right on a user object in the Active Direct...You explicitly configure the Send As right on a user object in the Active Directory Users and Computers snap-in in Microsoft Exchange Server. However, the Send As right is removed from the user object about one hour after you configure the Send As right.

Additionally, other changes that you made to the security descriptor on the user object may be removed. For example, the Allow inheritable permissions from parent to propagate to this object check box may no longer be selected.

If you have an environment that includes Microsoft Exchange Server 5.5 and a functioning Active Directory Connector (ADC), Exchange Server 5.5 mailboxes that are configured to use Active Directory user accounts that are members of protected groups may appear as "CUSTOM" in the Exchange Server 5.5 Administrator program.
Back to the top
CAUSEThe Active Directory directory service has a process that makes sure that member...The Active Directory directory service has a process that makes sure that members of protected groups do not have their security descriptors manipulated. If a security descriptor for a user account that is a member of a protected group does not match the security descriptor on the AdminSDHolder object, the user's security descriptor is overwritten with a new security descriptor that is taken from the AdminSDHolder object.

The Send As right is delegated by modifying the security descriptor of a user object. Therefore, if the user is a member of a protected group, the change is overwritten in about one hour.
Back to the top
RESOLUTIONWe recommend that you do not use accounts that are members of protected groups f...We recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you require the rights that are afforded to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group and one user account that is used for e-mail purposes and at all other times.
Back to the top
WORKAROUNDThe following information can help you work around the problem in which Exchange...The following information can help you work around the problem in which Exchange Server 5.5 mailboxes appear as "CUSTOM" for the user in the Exchange Server 5.5 Administrator program. The workaround relies on the fact that the SELF access control entries (ACEs) should be present on the user object when the user object is replicated to Active Directory by the Active Directory Connector (ADC).

You can use the Dsacls.exe utility to add the entries that are being stripped off the user objects. To do this, change the AdminSDHolder permissions. Then, add the entries that you want. Because all the entries use the security principal SELF, this workaround should not introduce any security problems.

Note You must run the Dsacls.exe utility one time to add the one access control entry that is missing from the AdminSDHolder security descriptor. For example, if you want to add six different entries, you may run the Dsacls.exe utility six times.

The following workaround changes the AdminSDHolder object. Then, the AdminSDHolder object is propagated to each user account that is a member of a protected group. Follow these steps:
Install the Microsoft Windows 2000 Support Tools from the Windows 2000 CD. These tools include the Dsacls.exe utility. You can use the Dsacls.exe utility to view, modify, or remove ACEs on objects in Active Directory.
Create a batch file that contains the following code.
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:CA;Send As"
dsacls "cn=adminsdholder,cn=system,dc=,dc=com" /G "\SELF:CA;Receive As"
dsacls "cn=adminsdholder,cn=system,dc=,dc=com" /G "\SELF:CA;Change Password"
dsacls "cn=adminsdholder,cn=system,dc=,dc=com" /G "\SELF:RPWP;Personal Information"
dsacls "cn=adminsdholder,cn=system,dc=,dc=com" /G "\SELF:RPWP;Phone and Mail Options"
dsacls "cn=adminsdholder,cn=system,dc=,dc=com" /G "\SELF:RPWP;Web Information"

Note Replace "dc=,dc=com" with the distinguished name of your domain.
Wait for an hour so that Active Directory has time to rewrite the security descriptor of all the user accounts that are members of any propagated groups.
After the ADC replicates the changes, all users appear as "user" instead of as "CUSTOM."
You might apply security update 916803, security update 912442, or the daylight saving time update for Exchange Server that is described in the following article in the Microsoft Knowledge Base:
926666 ( ) Update for daylight saving time changes in 2007 for Exchange 2003 Service Pack 2
If you do this, you must prevent the AdminSDHolder from overwriting permissions that are granted to a BlackBerry Services account on protected groups. To do this, create a batch file that contains the following code:
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\SELF:CA;Send As"
dsacls "cn=adminsdholder,cn=system,dc=,dc=com" /G "\SELF:CA;Receive As"
dsacls "cn=adminsdholder,cn=system,dc=,dc=com" /G "\SELF:CA;Change Password"
dsacls "cn=adminsdholder,cn=system,dc=,dc=com" /G "\SELF:RPWP;Personal Information"
dsacls "cn=adminsdholder,cn=system,dc=,dc=com" /G "\SELF:RPWP;Phone and Mail Options"
dsacls "cn=adminsdholder,cn=system,dc=,dc=com" /G "\SELF:RPWP;Web Information"
dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=com" /G "\BlackBerrySA:CA;Send As"

Note In this batch file, BlackBerrySA is a placeholder for name of the BlackBerry Service account. If you have accounts in multiple domains, you can also specify the domain in the command line by using the following format:Domain\BlackberrySA.

Alternatively, we recommend that you do not use accounts that are members of protected groups for e-mail purposes. If you must have the rights that are given to a protected group, we recommend that you have two Active Directory user accounts. These Active Directory accounts include one user account that is added to a protected group, and one user account that is used for e-mail purposes and at all other times.
Back to the top
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that ar...Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top
MORE INFORMATIONFor more information about how to delegate "Send As" rights to a user account, c...For more information about how to delegate "Send As" rights to a user account, click the following article number to view the article in the Microsoft Knowledge Base:
281208 ( ) How to grant a user "Send As" rights in Exchange Server 5.5 and Exchange 2000
For more information about the AdminSDHolder object, click the following article numbers to view the articles in the Microsoft Knowledge Base:
232199 ( ) Description and update of the Active Directory AdminSDHolder object
817433 ( ) Delegated permissions are not available and inheritance is automatically disabled
The location of the AdminSDHolder object is as follows:
Note Replace DC=MyDomain,DC=Com in this path with the distinguished name of your domain.

The following list contains the protected groups in Windows 2000:
Enterprise Admins
Schema Admins
Domain Admins
The following list contains the protected groups in Microsoft Windows Server 2003 and in Windows 2000 after you apply hotfix 327825 or after you install Windows 2000 Service Pack 4 (SP4):
Account Operators
Server Operators
Print Operators
Backup Operators
Domain Admins
Schema Admins
Enterprise Admins
Cert Publishers
Additionally, the following users are considered protected:
For more information about hotfix 327825, click the following article number to view the article in the Microsoft Knowledge Base:
327825 ( ) New resolution for problems with Kerberos authentication when users belong to many groups
Back to the top


Microsoft Exchange Server 5.5 Standard Edition
Microsoft Exchange 2000 Server Standard Edition
Microsoft Exchange 2000 Enterprise Server
Microsoft Exchange Server 2003 Standard Edition
Microsoft Exchange Server 2003 Enterprise Edition
Back to the top
Keywords: kbexchdirectory kbtshoot kbprb KB907434

Back to the top

Distribution Group Assigning "Send As" Permissions to a user

It was brought to my attention that following the steps listed in KB327000 (, which applies to Exchange 2000 and 2003, to assign a user "Send As" permission as another user did not appear to work. I too tried to follow the steps and found that they did not work. I know this feature works, so I went looking around for other documentation on this and found KB281208 ( which applies to Exchange 5.5 and 2000. Following the steps in KB281208 properly gave an user "Send As" permission as another user. But I found the steps listed in KB281208 were not complete either. The additional step that I performed was to remove all other permissions other than "Send As". Here are the modified steps for KB281208 that I performed (changes noted in blue):

1. Start Active Directory Users and Computers; click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.

2. On the View menu, make sure that Advanced Features is selected.

3. Double-click the user that you want to grant send as rights for, and then click the Security tab.

4. Click Add, click the user that you want to give send as rights to, and then check send as under allow in the Permissions area.

4.5 Remove all other permissions granted by default so only the send as permission is granted.

5. Click OK to close the dialog box.

So after I verified that the steps for KB281208 worked, I was curious as to why the steps for KB327000 did not work. What I found was that Step #7 of KB327000 applied to the permission to "User Objects" instead of "This Object Only". Here are the modified steps for KB327000 that I performed:

1. On an Exchange computer, click Start, point to Programs, point to Microsoft Exchange, and then click Active Directory Users and Computers.

2. On the View menu, click to select Advanced Features.

3. Expand Users, right-click the MailboxOwner object where you want to grant the permission, and then click Properties.

4. Click the Security tab, and then click Advanced.

5. In the Access Control Settings for MailboxOwner dialog box, click Add.

6. In the Select User, Computer, or Group dialog box, click the user account or the group that you want to grant "Send as" permissions to, and then click OK.

7. In the Permission Entry for MailboxOwner dialog box, click This Object Only in the Apply onto list.

8. In the Permissions list, locate Send As, and then click to select the Allow check box.

9. Click OK three times to close the dialog boxes.

The KB articles were updated to include correct information. But, if you had problems with this in the past, this might be why!

- Chris Ahlers

Published Friday, January 07, 2005 9:52 AM by Exchange
Filed Under: Directory, Administration, All Posts

Of course, the key wording above is the line that reads You do not have permission to send to this recipient. Is it possible to speed up this permissions change process? Well, I haven’t been able to get someone from Microsoft to confirm this, but I believe it’s possible via the Mailbox Cache Age Limit registry key documented in KB article 327378. The KB article mentions changing the Mailbox Cache Age Limit registry key, which according to the article is used to re-read logon quota information. In my experience, modifying this key (or creating it if it doesn’t exist) with a suitable value, in minutes, speeds up the permissions change process. Note that you must restart the Information Store service after modifying this registry key. The general consensus of opinion here is not to make this value too low; a sensible value is 15 minutes. The alternative to creating or modifying this registry key is to simply re-start the Information Store service, which appears to make the permissions changes take effect immediately. Of course, restarting the Information Store service is rarely practical during business hours and you may also not prefer to go poking around in the registry, so you can also choose to wait for the permissions to be re-read at the next interval, which, as stated earlier, could be up to 2 hours.

Once the permissions have been granted and successfully taken effect, the assistant can send the message as normal. What does the recipient of the message actually see? Quite simply, the recipient will not be able to tell that it was the assistant who actually sent this message as it will appear just as if the manager had sent it. We’ll talk about another method, the Send on Behalf of method, a little later in this article.

Tuesday, January 27, 2009

Exchange system backup using Acronis True Image

Exchange system backup using Acronis True Image


lzd2121st June 2007, 06:05
Hi, I plan to use Acronis True Image Enterprise Server to backup my Exchange (2003) system partition (online backup). I've explore Acronis documentation and forum (maybe I'm missed...) about it but only found a documentation about Exchange database backup issue where we've to stop Exchange services to be able backup the data using their software.

Does imaging technology have any issues with Exchange system backup? Do I've to stop Exchange services before the backup process in order to have the system work after restored in case of failure?

Please advice.




Sembee1st June 2007, 12:40
Image based backup for Exchange is a poor idea.

There are a number of reasons for that.

1. With some of the tools you have to stop Exchange.
There is no good time to stop Exchange as it is designed to run 24/7. During the night it is doing internal maintenance.

2. It isn't an Exchange aware backup.
Unless things have changed recently, it isn't an Exchange aware backup, so doesn't flush the transaction logs and mark the database as being backed up.

3. It is a snapshot, reducing your restore options.
If you take an image backup at 3am, then the next night your server fails at 2am and you restore your backup - what happens to everything that occurred in the previous 23 hours? For most companies the most valuable email is what has been received in the last 24/48 hours. You have just wiped all of that out.

Are you going to replay the transaction logs?

If you aren't doing an Exchange aware backup then your transaction logs will be building up. What I see happen most frequently with people who do not do Exchange aware backups is that they turn on circular logging. That deals with the transaction logs that they believe they don't need and saves the space.

With a good traditional backup and good quality hardware using RAID arrays etc, the value of an image based backup for Exchange is very small. While I can see the appeal, it isn't something I do as a rule for any of my clients.



lzd2125th June 2007, 07:47
I'm asking this question because I've read an article about using imaging software to backup Exchange is the quickest (not the best) way to restore the system in case of failure, of course data backup included in the recovery procedure ( so your concern about the newest data can be eliminated because it's already covered. Previously our user's data stored in pst file but since a month ago we've centralized the data in Server and it became more important for us to be able restore the system (and data) in case of failure. For data backup, will purchase ARCserve Agent for Exchange since we already have the main module and for the system backup still on review. Could you please suggest for the best DRP for Exchange base on your experiences?

Thanks in advance.




Sembee6th June 2007, 02:28
Why do you think that newest data is covered with what you have outlined?
Exchange 2003 doesn't have any form of log shipping. Therefore to restore the database in the event fo a failure you are reliant on the transaction logs.
If you restore an image you will wipe out those logs.

There is a element of the IT industry who think that imaging is the way to backup everything... the same elements also seem to think that virtual machines should be used for everything.
I don't subscribe to either for Exchange.

There is no one disaster recovery plan for everyone, as it very much depends on what you are planning for and how long you can afford to be down. The longer you can be down the cheaper it becomes.

At a minimum the server should be on multiple hardware arrays, with hot swap everything and backed up every night (full backup, not incremental or diffs) using an Exchange aware backup application.
The domain controller should also be backed up, particularly the system state.
A tape should be stored off site.
On some sites I have gone as far as having a copy of the installation media stored off site as well.



phershey6th June 2007, 18:45
You definitely do not have to stop Exchange to do the backup with Acronis, and the current version supports VSS. We do a full TrueImage backup of our Exchange 2003 server nightly with incremental images every 4 hours during the day. These images go to a separate system which is backed up to tape every night. If just the mail server fails during the day, we can restore from the previous night's image plus whatever incrementals we have locally on the storage appliance. We do this regularly for our disaster recovery drills off-site, restoring to different hardware (HPs here, Dell systems at the DR site) as we have their Universal Restore Option for all of our servers. Local recoveries to repaired equipment are a snap.

I have to say our semi-annual DR drills were never much of a success until we went with Acronis TrueImage. We'd tried Novaback, ArcServe and BackupExec (BE we still use for a couple of systems, including just the Exchange store as a secondary backup).


lzd21213th June 2007, 05:33
Hi all, sorry for the late reply....very busy with AV problem in our Mail Server (false positive issue) during this week...even the vendor Technician not able to solve it yet....

Hi Phersey, thanks for sharing....
Could you please share your DRP for Exchange using ATI?
What I've planned is using a method provided by George Ou and having additional data backup.

To Sembee:
Quote "Why do you think that newest data is covered with what you have outlined?"

I've missed this part from the article, of course I will have data backup using third party application (just purchase CA Brightstor ARCserve) for that point.
What do you think about George article if I've additional backup for the data and moved the transaction logs to other partition? Does it will work?

Please advice.



Acronis True Image Echo Now Provides Backup and Recovery for Every Major Virtualization Platform

BURLINGTON, MA -- 01/27/09 -- Acronis®, Inc. ( announced today that its corporate Acronis True Image backup and disaster recovery software for servers and workstations now supports virtual machines and file formats from Citrix XenServer. Acronis True Image Echo enables IT managers to move, manage and maintain both physical and virtual servers using a single application. With this announcement, the software now supports every major virtualization platform, including VMware, Microsoft, Parallels and Citrix/Xen.

Among the other added features in this latest release are dual destination and integration with Acronis Recovery for Microsoft Exchange.

Dual destination -- Customers can back up a server image to two locations, including remote sites via local disk or network store, or the Acronis Secure Zone™.

Acronis Recovery for Microsoft Exchange Integration -- backup and recovery software specifically designed for Microsoft Exchange Server can now access Exchange-specific functions from within the Acronis True Image Echo Management Console.

"Virtualization will continue to grow in importance and gain wider use in 2009 as IT managers are already deploying multiple virtualization platforms and the different software required for each," said Jason Donahue, CEO of Acronis. "This latest update to Acronis True Image is agnostic toward virtualization technology and allows IT personnel to choose the platforms that make the most sense for their needs, and use Acronis across the board to keep all that data safe."

"Gartner research indicates that seventy percent of all organizations are deploying some level of server virtualization and all but a few firms are actively investigating it*," said Dave Russell, research vice president, Servers & Storage, Gartner. "It will be critical for IT managers to consider the management of virtualization, thus evaluating applications that are agnostic and offer flexibility to support their future planning and infrastructure needs."

About Acronis True Image Echo

Acronis True Image integrates seamlessly with all Windows- and Linux-based servers, regardless of whether those servers are physical or virtual.

Utilizing the Acronis Virtual Live Data Format to separate hard disk contents from the underlying file format and platform dependency, the software creates a transportable image, independent of the hardware platform that can be restored directly to and from any virtual or physical environment. This is accomplished in conjunction with Acronis Universal Restore, an add-on module to Acronis True Image Echo.

Other features include:

-- "Restore file and folders without full path" option
-- Command line tool for Acronis Backup Server to export information
stored in Backup Server about backup file names, locations and computer to
an XML file
-- "Run Acronis Recovery for MS Exchange Bare-metal Restore after data
recovery" capability added
-- Discovery of computers in Group Server can now be restricted to user-
defined network ranges

Pricing for the corporate Acronis True Image server family ranges from $499 for Acronis True Image Echo for Microsoft Small Business Server to $2,599 for Acronis True Image Virtual Edition. The updated version is currently being shipped.

About Acronis

Acronis, Inc. is the leading provider of storage management and disaster recovery software. Its patented disk imaging and management technology enables corporations and individuals to move, manage and maintain digital assets in physical and virtual environments. With Acronis' backup, recovery, server consolidation and virtualization migration software, users protect their digital information, maintain business continuity and reduce downtime in computing environments. Acronis software is sold in more than 180 countries and available in 13 languages. For additional information, please visit or contact

Run Running Apache IIS on same machine same port 80 different IP

Run Running Apache IIS on same machine same port 80 different IP

I use to work both in PHP and ASP and am not able to run ASP pages on Apache webserver. Can I install and run Apache + IIS on the same server/machine? If so what configuration and setting do I need?

Assuming that you want all servers to work on the standard port 80, you need a multihomed machine (i.e. multiple IP addresses) and if you are using IIS6, you need to configure it to listen only on some of these addresses.


By default, IIS takes every IPs port 80, even if you've only specified each of the websites to have a single IP. You'll need to do the following:

1) Get httpcfg.exe (it's on the Windows 20003 CD, or google it).
2) Type the following in a command prompt to stop all IIS services: net stop http /y
3) Type the following in a command prompt to stop Apache service: net stop Apache2.2 (you can get the ServiceKeyName for a server by running this command: sc getkeyname "Apache2.2" ( go to compmgmt.msc computer management to find the display name of a service)
4) Use httpcfg to configure IIS to only listen on the IP you want it to (type at a cmd prompt, in the directory httpcfg is in): httpcfg set iplisten -i
5) Restart IIS Services: net start w3svc
6) Restart Apache service: net start apache2.2

Should do the trick.

Edit: After step 4, run the following: httpcfg query iplisten

Make sure only the IP address you wanted listed shows up. If others still do, use httpcfg delete iplisten -i 192.168.1.x to delete the entry

I managed to get it working:

In this case the problem was that IIS 6.0 has a feature called Socket Pooling that claims all ports for all loaded IP addresses, even if not configured in IIS.

So, IIS was hogging port 80 on the IP address I'd designated as the Apache address and causing it to not run. I installed Windows 2003 and got IIS running. Then I turned off IIS and installed Apache, associating it with the IP and port that I wanted. Then I turned off the Apache service and restarted IIS.

Then, what I had to do was:

1- Extract the httpcfg.exe utility from the support tools area on the Win2003 CD.
2 - stop all IIS services: net stop http /y
3 - have IIS listen only on the IP address I'd designated for IIS: httpcfg set iplisten -i
4 - make sure: httpcfg query iplisten (the ip's listed are the only ip addresses that IIS will be listening on and no other)
5- restart IIS Services: net start w3svc

Voila! Apache is listening on its default ports on and IIS is listening on its default ports on

Originally Posted by peppy
I know you can run them on a different port, but I want to run them both on port 80, is the possible with two network cards

thanks for your reply

You can disable the socket pooling in iis 5.0 to release the ip and port for apache to use. here is how to do it from Microsoft website:
1.Open a command prompt and make sure you are in the X:\Inetpub\Adminscripts folder (where X is the IIS installation drive). To do this, type the following lines at the command prompt: X:

2.After you open the Adminscripts folder, type the following line at the command prompt: cscript adsutil.vbs set w3svc/disablesocketpooling true
3.The command replies as follows: disablesocketpooling : (BOOLEAN) True
4.Stop and start the IIS Admin service.5.Restart the WWW service.

Good luck!

Sunday, January 25, 2009


Mar 24th, 2007 by mmdays
文/蔣勳 (摘錄自《天下雜誌》教育基金會主辦之演講,許立佳整理)
<甜太簡單,回甘才有味 >
<蘇東坡從甜到甘的人生 >
<「無目的」的人生清涼 >
<「吃到飽」的文化象徵殘缺 >
<只有是非,人生不可能豐富 >
<美需要在生命中不斷地庫存 >
<「考」出一個人的價值? >


Oct 21st, 2008 by Mr. Monday
Posted by Mr. Monday

(圖片來源: Savage Chickens)
我想,上面的話語,在許多上班族看來或許多少有些感觸。有時候,我們不得不承認,這個世界是殘酷的。當在學校的時候,無論你做的結果有多差,但是你盡力 了,那麼老師同學也不會太苛責你;然而,一但出了社會,溫室就被掀開了,這個世界終究不像童話般美好。你發現,這個世界原來還是結果導向的世界,無論你盡 了多少力,那個不是重點,重點是,你所達成的目標。在你踏入叢林的第一刻,你就瞭解到了原來你所理解的社會價值觀跟實際的社會價值觀有著所謂的距離,你所 熟悉的正規法則似乎不是這麼管用。你開始逐漸迷惑,儘管你想要堅持你的原則,但是如同漂流般的浮萍,你的行為似乎身不由己。你發現到了,原來課堂上所教授 的知識僅僅是鳳毛麟角。在課堂上,你從來不會學到該如何跟你的主管互動,你也不會學到該如何跟你的同事互動,當然你更不會學到該如何跟你的客戶互動。你或 許發現到了,所謂的專業並不僅僅代表你的技術高超,而是代表能夠有效率地把事情完成。因此,重點似乎就是 “完成” 。
你開始忙碌著,開始追逐著一個又一個的 Deadline;你感到極大的壓力,因為你的老闆總是希望明天就能看到結果;你感到極度的疲憊,因為你已經連續加班了三個禮拜;你感到極度的挫折,因為 無論你多麼盡力,似乎你的客戶就是無法滿意。當你偶而停下腳步時,想問問自己,究竟自己要的是什麼時,卻發現自己已經跌入茫茫的大海裡,而眼前的 Deadline 是似乎成了你唯一的浮木。你曾經想過,或許你可以改變航行的方向;然而現實總是將你推回了你 “應該” 所在的行道;不過,或許真正的原因是,你並不清楚自己所要航行的方向。你開始自問,究竟,我還剩下多少自己?
我曾經在 “我所理解的東西,永遠不是它真正的涵意” 裡面提到 “所謂的世界,就是我們認知的全部,因此,換個角 度,世界也就改變了”。換個角度並不會讓你的工作量減少,也不會讓你的專業能力馬上提升,但是,卻能夠大大提升你的態度,以及減低你的壓力。你將發現,一 個又一個的專案可以磨練你的專業;每一次的挫敗都是寶貴的經驗;你發現到原來四周都滿佈著學習的機會。然而,我們該如何把自己的視角轉換成這種角度呢? 我以為,你應當要追求你所熱愛的東西,當你在追求你所熱愛的事物時,你將感到時間是停止的。然而有時候夢想跟現實是有差距的,你對於追求夢想並沒有堅定 的決心,甚至,你的夢想是模糊的,就如同站在沒有告示牌的交叉入口上面。如果是這個樣子的話,也許可以退而求其次,先試著將你所擅長的事情 (或許正是你手邊正在做的事情) 當成你是所熱愛的目標。而當你這麼開始做時,你將發現你是主動而積極的。然而,我當然不希望這是另外一種自我麻痺,或許你將真正愛上你所做的工作。
我以為,人生就是一種修練,就是一種學習。我們試著釐清瞭解其中的因果,而瞭解其中的因果是為了能夠不要迷失自己。事情總有不完美的地方,然而我們試著理 解這些不完美,而或許不完美也只是價值觀上面的認知,而真正的本質總是藏在薄紗之後。人生難免挫折,拍拍褲子,再站起來,明日的太陽依舊會升起,而昨日的 總總將成為你往後的基石。你沒有什麼損失,你的四肢依然健全,時間繼續流動著,世界如此美好,人生如此寶貴,不如就好好掌舵,精彩走上一回吧!
To My Beloved.


May 24th, 2008 by Mr. Monday
Posted by Mr. Monday
(圖片來源: Savage Chickens)
很久沒寫這一類的文章了,會想寫這一類型的文章,是因為最近我一個好友跟我開了個玩笑,他看了我的介紹之後去買了 Donald Norman 的書回來看,但是他認為 Donald Norman 的那本 <設計&日常生活> 所描述的概念都非常普通 (trivial)。因為他是我一個很好的朋友,所以我知道他是在開我的玩笑,但是這讓我跌入一些回憶以及想法之中。這個題目我想了好久,最後我覺得,也許 “我所理解的東西,永遠不是它真正的涵義” 正是我整篇文章所要傳達的概念。這邊,我跟各位讀者分享我的想法,也讓自己再次回顧自己的思維。
人是很喜歡解釋這個世界的動物,但是我們會很習慣地用自己 “已經學習到” 的思維來解釋我們所看到的事情。在心理學的領域當中已經探討過這類的問題,這類的特性可以稱作認知窄化 (cognitive narrowing) 或是隧道視野 (tunnel vision)。Donald Norman 在 <心科技> 裡有著這麼一段的描述: “人類容易專注在比較明確的假設上,而且一旦專注在假設上,即使面對矛盾的證據,也不容易改變立場“。
乍看這句話,似乎描述的頗有道理,但是似乎又覺得這個道理應該不會發生在自己身上才是。因為我們已經 “了解” 了這個問題了,所以,我們應當不會犯這種愚蠢的錯誤才是。不過正如 Donald Norman 在另外一本書上所說的一樣,任何事情在後來看來似乎都是理所當然,但是在當下決定的時候,事情總是不是你想像的那麼清楚易見。
也就是因為,我們人類會習慣於用自己已知的知識框架來解釋我們所遇到的問題,因此,在很多決策點上面,我們會做錯決定。或許你會說,那是因為資訊不夠充足的關係,或者還包含了種種的外在因素,並不完全是因為有限認知的問題。的確是這樣子沒錯,但是正如前面所說的,很多的事情是對資料的判讀錯誤,而做判讀正是做決定的人,而這些被判讀的資料,在事後看來似乎又這麼清楚易懂。因此,也就是判讀的人,利用了他自己的知識框架詮釋了資料。Donald Norman 在 <心科技> 裡有著這麼一段的描述: “誤診似乎總是對正在經歷的事物提出解釋,萬一有新的事物進來,也會在原先診斷的框框內解釋,相對矛盾的資訊則被丟棄“。
(圖片來源: CrunchGear)
Donald Norman 舉了一個飛機降落失事的故事,這位機長在最後遞交給美國太空總署的安全報告中可以明顯看出他在判斷決策過程當中的心智歷程:
我看見機場,也看見 35 號跑到的目視降落飛行指示燈…,由於燈光似乎不亮,很難將其排成一線。但因為我曾在此跑道降落三次,所以我有信心是這條跑道。不久,我發現跑道的旁燈消失了,中線則是綠燈。儘管一切都不太對勁,我仍然相信是這條跑道沒錯,因為機場塔台的維修人員經常在談論燈光的問題。不過,我並沒有想到去檢查方向旋轉羅盤。直到鼻輪降下,我看見黃色的中線時,仍告訴自己這是 35 號跑道…事實上,我降落在滑行道上。…我相信這次以外的主因是,經過暴風雨時缺乏雷達的飛行壓力,以及我的心態…雖然證據充分–既無跑道燈,也無目視飛行降落指示燈,而且中線燈是綠色的–我仍然拒絕承認它不是 35 號跑道。
因此,如果你以為因為有限的認知而誤判事情,只會出現在別人身上的話,那或許你可以開始每天注意一下自己所做的決定,以及你如何判讀每一項資料。因為我也見到過大老闆也因為社會經驗的歷程而誤判了情勢的情況。我們所經歷的社會經驗,每一次的經歷,都增加了我們對這個世界的認識,或許增進了我們的 “智慧”,然而也或許更為我們自己多加上了一個剛強的架構。所謂的世界,就是我們認知的全部,因此,換個角度,世界也就改變了。
(圖片來源: Savage Chickens)
科技在進步,我們對整個世界的認知也不斷地改變。然而,我們卻很容易的以為,我們 “暸解” 了這是怎麼一回事,也就是說,我們以為我們對我們所發展的東西有了充分的認識。然而事實上是,我們從未真正完全地暸解它,直到時間改變了,我們不得不用另外的角度來解釋它時,我們又重新認識了它,但是,我們沒還是未曾真正暸解它。
Roentgen Ray 發明了 X 光,因此醫生跟科學家能夠輕易透視人體,這也成了方便的研究以及觀察工具;然而直到數年之後,終於有人因為長期輻射而造成了身體傷害之後,大家才從另外一個面向暸解了 X 光。直到馬歇爾和華倫發現幽門螺旋桿菌會導致胃潰瘍和十二指腸潰瘍之前,所有的醫學界都認為在胃酸如此嚴苛的環境之下是不可能有細菌存活的。直到牛頓告訴我們所出的力是跟加速度成正比前,人類都一直接接受著亞里斯多德的通俗物理學: 力跟速度成正比。諾貝爾在發明火藥後,才知道火藥的威力正好助長了人類的劣根性,許多生命在這個發明之後喪失了,許多的生命也在這個發明之下得救了,到現在,我們都還未曾瞭解這項科技。Tim Berners-Lee 發明了互聯網,互聯網在 2000 年達到了一種前所未見的高峰,然後泡沫破掉了,我們以為我們瞭解了這項科技: 不過就是一個被炒作的科技;然而,隨著時間的推移,互聯網的應用超過了我們所能想像,現在我們有 Web 2.0,但是我們還是不曾真正瞭解它最後能帶給我們什麼。
因此,當我們遇到未知的事情時,我們會先對內 (已知的知識) 找可以從中拼湊解釋的元素,如果能夠解釋的話,我們就當成我們已經瞭解了這是怎麼一回事了。直到,隨著時間的變化,事情開始無法自圓其說了,我們才會強迫自己以另外的角度來看這個世界,然後才會找尋原本不屬於自己範圍內的知識來認知這個世界。然後,這個未知的知識,又變成了已知的知識,我們把它內化,視為另一個理所當然,我們拉大了自己的認知範圍,同時也為自己多加了一條柵欄。
(圖片來源: Savage Chickens)
我一直覺得理所當然是一件很恐怖的思維,如果我們很容易的認為某件事情是理所當然的話,那我們就失去了反思以及辨思的能力,我們將在我們所建立的死胡同內踱步著。我看了這一期 <商業周刊> 聞亦道的專欄,他談到美國直到 1967 年之前,美國的法律是禁止不同種族結婚的。而當時的法官是這樣子認為的: “黑人白人不能通婚的理由是,如果上帝當初的意旨是要黑白兩族混在一起的話,就不會把他們安置在不同的洲際了”。你以為這個奇怪的觀念在現在應該是沒有才對,那你又錯了,因為直到 2000 年阿拉巴馬州才正式廢除不同種族通婚的法律 (Miscegenation Law)。
我也回想起大學時代念的管理書籍,當時我們視為這些在書中的文字所說的事情都是理所當然,似乎沒什麼特別難理解的地方,相較於難以推理的演算法,這些科目似乎沒什麼挑戰性,也沒什麼趣味,因為我們認為裡面所講的管理知識似乎是理所當然 (trivial)。這讓我想到我聽過的一個演講,訊連科技的董事長黃肇雄教授曾經有次演講說,他以前也很瞧不起管理書籍,他認為裡面講的都是廢話,直到他創業之後,再回頭看這些管理書籍,他才發現,裡面所說的錯誤,該犯的他都犯了。
禪宗裡面的一段話,這一段話是出自 <青原惟信禪師語錄>: “老僧三十年前來參禪時,見山是山,見水是水;及至後來親見知識,有個入處,見山不是山,見水不是水;而今得個休歇處,依然見山祇是山,見水祇是水“。我們當初在看書時,以為瞭解了作者所描述的狀態,以為瞭解了他所表達的知識,那只是 “見山是山”;當我們實際上去執行時,我們發現了有微妙的差異之處,甚至有未描寫的狀況,因此我們認為 “見山不是山”;等我們全部經歷過之後,很多的內在知識我們無法用言語說出,但是我們知道那是一座山。但是當沒真正爬過那座山的人,不會知道隨著高度的上昇,周圍氣壓微妙的變化,步道兩旁的花花草草,遠方的景色,體力的消耗所影響的心智…,可是這些無法一一完全描述完畢,但是當真正登過的人所說出的 “山”,跟從未登過的人所說出的 “山” 的意境是非常不同的。
這讓想起一些經典的書籍在隨著時間閱讀的點不同,而有不同的想法。我在高中時,因為奇怪的原因,因此讀了一遍孫子兵法,我對照著注釋,將文字看過去了,我以為我懂了孫子在說什麼了。大學的時候,因為要考預官,我又將孫子兵法看了一遍,這次,同樣的文字,我卻有了不一樣的想法,我發現,有些地方我的確沒什麼瞭解。後來,我發現,我沒真正瞭解過它,因為如果我瞭解了它,那也就代表它是我的一部份,我是能夠運用自如的。經典的書籍,就如同孫子兵法一般,隨著我們的年齡,一看再看,在不同的時點,我們卻得到了不同的 “答案”。而如此經典的書籍,也正如它經典的文字一般,讓我不禁懷疑,事實上,寫下這本書的孫子,實際上也沒有完全瞭解它。活著的不是書本,而是我們;正因為文字所容納的模糊地方,讓它能夠被解釋的部份放寬了;正因為我們對世界、對社會、對人生的認知不同了,因此我們以為我們在看書時讀出了絃外之音。
世界是什麼? 人生是什麼? 我們所認知的世界,跟真實的世界是有差距的;我們所認為的人生,跟它本身的真相是有差距的。這是因為我們身而為人的認知是有限的,我們以我們有限的感官來理解這個世界,正如同我們以管窺天;我們的生命是有限的,因此當我們用自己的歷程來解釋未來時,我們以為這就是趨勢,然而在宇宙的歷程中,我們所存活的時點,所移動的空間,都是微不足道的。
我們傾向於相信我們所能接受的事物,這是我們的人性。然而,生而為人,我們能理解到這一點,代表我們有不可思議的反思能力。雖然我們的認知有限,雖然我們的生命有限,但是只要我們是能夠一直保持著開放的心胸,不斷地謙卑地學習,那麼我們就會慢慢逼近事物真實的涵義。或許當你真正體悟時,也是 “此中有真意,欲辯已忘言“。共勉之。


Sep 2nd, 2007 by mmdays
Posted by Mr. Monday
最近收到一篇轉寄的文章,看了之後很有感觸,這邊跟大家分享一下。常常在不知不覺中我們的腳步就因為旁邊人的步伐而錯亂了,究竟你是踩著自己的步伐,還是踩著別人的步伐呢? 調整一下腳步,調整一下呼吸,今天開始你做你自己:)
台灣最大的外商銀行 — 花旗,一個臥虎藏龍的金融競技場。花旗人的外表,多半光鮮亮麗、自信滿滿,但他們卻面臨比別人更激烈的競爭與壓力,為了強過身邊的「第一名們」,他們必須更用力的工作,甚至犧牲自己的生活。不過,民國五十三年次,擔任花旗銀行金融同業處副總裁的黃毅,卻有一套與眾不同的工作哲學。進入花旗銀行十三年,黃毅從不加班,他只有一次在週末加班的紀錄,一個禮拜的應酬不超過兩天,回家絕口不談公事、不想公事。這樣的人,仍然可以在花旗銀行裡擔重任。五年前,黃毅接下這個職位,帶領著近二十人的團隊,爭取與銀行同業、保險、證券、投信,甚至央行等法人機構的往來業務,五年來,這個部門對銀行貢獻的收入金額成長超過一倍。去年,這二十個人創造出十三億元的收入,並將國際科技大廠委外代工的觀念引進國內的銀行市場,推動銀行將核心業務的非核心能力業務委外給花旗代工。
期許自己每年都要做一件很有意義的事 –讓「 六十歲時回憶起來會微笑十秒 」還有一件事可以凸顯他經營生活的用心。民國八十三年,黃毅已經是花旗的主管,在很多人的印象裡,銀行的主管應該是一板一眼,嚴謹自律,但黃毅竟然報名參加Marlboro公司(萬寶路香菸)所舉辦的西部探險活動,當時,台灣報名者眾,經過筆試、口試與體能測試,黃毅成為第十一名,是候補第一名。幸運的,有名獲選者因故不能成行,於是他得以參加這為期十天的活動。在同伴裡,黃毅的銀行員身分顯得相當特殊。當時,這群人浩浩蕩蕩開往美國西部,從北邊到南邊,他們學西部牛仔的騎馬趕牛、玩吉普車、泛舟、越野車等十天,台灣的《民生報》等媒體還隨行報導每天活動。「過癮極了,」黃毅說,「如果到六十歲時,我想到一件事還會微笑十秒鐘,那麼我花一年來做這件事都值得。」因此,黃毅每年都告訴自己要做一件很有意義的事,不管是工作或是旅行、玩樂。
一位與黃毅共事多年的同事形容,黃毅很懂得玩樂,是標準「WorkHard,PlayHard」的人。這個性格有什麼原因嗎?黃毅反問記者,「你認為,人生可以規畫嗎? 」 父親驟逝,體會人生無常 —「 活在當下,更及時行樂」黃毅三歲時,父親就過世,得年三十五歲,除了一個姊姊、弟弟外,黃毅的母親腹中還懷著一個胎兒。直到現在,父親的死因仍然不清楚,「我們根本措手不及,前一天父親才覺得不舒服,沒想到隔天就走了,」黃毅說,「所以,你今天可能才生病,明天就掛了。」因此,「要活在當下,更要及時行樂」的觀念一直深植在黃毅心中,他不要像他父親一樣。黃毅從來不相信人生可以規畫,也從來不會把生活切割成「求學、工作、退休、享樂」四個階段。在黃毅生活裡,他永遠把此刻可分配所有的資源,做最適當的分配,而 不會把資源設想成可以儲存到未來的某一天再享用 ,根據這個原則,他的時間配置自然與多數人不同。
因此,問他是否為了追求保有高的生活品質,而放棄工作、放棄更上層樓的機會?黃毅覺得很好笑,「對我來說,這是極為自然的事,沒有放棄什麼啊!」如果把人生比喻成一個圓,每個人都有自己的圓,有大有小,每個圓裡的成分也長得不一樣,「我非常篤定自己要的圓長什麼樣子,我做的每一件事,都符合這個圓的樣子 。」黃毅說。很多人,對金錢的追求有一個模式,他們的第一個目標是三千萬元,當達到第一個目標後,第二個目標就是一億元,然後,三億元是第三個目標,然後,就變成「錢奴」。「為什麼我不會變成這個樣子呢?」黃毅曾經這樣研究自己,許久後,他終於知道,「人生真的可能很短」這個從小就深深影響他的觀念,是他所追求的人生,與別人最大不同的原因。
黃毅的父親過世後,母親為了撫養幼兒,長期在外地當紡織廠的女工,即使黃毅已經擔任花旗銀行主管時,母親仍在餐廳裡洗碗,甚至為人幫傭。當時,黃毅下班後也還會到餐廳裡幫母親的忙。從小,黃毅由祖父母一手帶大,並生活在有五、六十個堂兄弟、妹的大家族,他從小就知道要如何自己解決問題,如何與別人共享資源,而在職場上成功。但是,黃毅清楚的認知, 一切的成功,只為了活出豐富的生活品質。從小的生活經驗,黃毅學會獨立,也學會與別人共享資源,並培養出等待成功的耐力。而且,「我把一個人當成人在經營,而不是當公司在經營。」因此極度工作,極度玩樂是他想活出的人生彈性。被遺忘的職場生理時鐘
他們從自己的人生中瞬間抽離,也從職場同儕的集體記憶裡消失,我或許略知他們在工作上面臨的壓力與瓶頸,卻不曾體恤他們身體的脆弱,工作霸佔了他們得以喘息的時數,他們經常憂慮業績無法達成,新產品沒辦法順利上市,趕不及提案給老闆,他們在家庭與職場之間、人生與事業當中失去身體的主控權,即便公司給了他們優渥的待遇、高額的團體保險、昂貴的健康檢查補助,卻還是彌補不了生命倉促煞車的遺憾 。
企業總是不斷強調績效,工作狂主管也總是大方打亂員工的生理時鐘,許多上班族的人生因此失去平衡,讓 原本只應該 share三分之一時數的職場鐘點,殘酷侵蝕了另外三分之二得以休閒與睡眠的美麗時光。老闆或許每天關心工作進度,卻不曾問過員工有沒有長期便秘的煩惱;稽核可能按月追蹤交際費用,卻沒興趣知道員工的膽固醇有多高;同事之間也許計較誰的升遷快、誰的薪水高,卻沒想過誰的快樂多、誰的睡眠品質好。
許多企業或許記得定期保養大小事務機器,為它們更換耗材檢測線路添加潤滑劑,卻疏於打理員工的身心狀況,或急於測試員工的容忍極限,期待在薪水額度之內獲得超值對價;而員工同樣高估自己的能量,總以為吞幾顆胃藥就能撐過身體苦痛,總以為每天睡三小時不成問題,或者多喝幾杯黑咖啡就能增加幾個小時的續航能力,甚至,仗著年輕、仗著體力好,就放肆熬夜、應酬、緊張、多疑,或看著自己的臉色變得蠟黃蒼白,以為多敷幾次臉,多吞幾顆維他命,應該就OK 了吧!
職場電腦化之後, 上班族經常把自己也當成不當機的CPU,即便體內的肝、膽、胃、腸、腎、心臟、血管、淋巴、內分泌、自律神經、脊椎或視網膜,已經悄悄舉牌抗議了,而一徑在職場上逞強的人啊,不要自以為是無敵鐵金剛,身心的 bug早就呼天搶地了 。被遺忘的職場生理時鐘,以及更多被忽略的員工健康警訊,在屢屢被誇大歌頌的幾波職場生態革命中,在網路改變了無時差的全球化競爭之後,人類的生理機能並不具備24小時運轉的本事,朝九晚五原該是最符合養生的工時概念,所有企業體,甚至所有工作者,是該逐步修正超時賣命的工作哲學,回歸健康工作的職場概念?

Saturday, January 24, 2009

Network Card Promiscuous mode

Promiscuous mode
From Wikipedia, the free encyclopedia
Jump to: navigation, search

In computing, promiscuous mode or promisc mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just packets addressed to it — a feature normally used for packet sniffing.

Each packet includes the hardware (Media Access Control) address. When a network card receives a packet, it checks if the address is its own. If not, the card normally drops the packet. But in promiscuous mode, the card doesn't drop the packet, thus allowing the computer to read all packets.

Many operating systems require superuser privileges to enable promiscuous mode. A non-routing node in promiscuous mode can generally only monitor traffic to and from other nodes within the same collision domain (for Ethernet and Wireless LAN) or ring (for Token ring or FDDI). Computers attached to the same network hub satisfy this requirement, which is why network switches are used to combat malicious use of promiscuous mode. A router may monitor all traffic that it routes.

Promiscuous mode is often used to diagnose network connectivity issues. There are programs that make use of this feature to show the user all the data being transferred over the network. Some protocols like FTP and Telnet transfer data and passwords in clear text, without encryption, and network scanners can see this data. Therefore, computer users are encouraged to stay away from insecure protocols like telnet and use more secure ones such as SSH.

Reset TCP/IP and Winsock settings in Microsoft® Windows® XP.

Reset TCP/IP and Winsock settings in Microsoft® Windows® XP.


The following steps require you to have administrator privileges on the system.
To clear Winsock settings, perform the following steps:

1. Click Start, click Run, type regedit, and click OK.
The Registry Editor window appears.
2. Click the plus to the left of HKEY_LOCAL_MACHINE.
3. Click the plus to the left of SYSTEM.
4. Click the plus to the left of CurrentControlSet.
5. Click the plus to the left of Services.
6. Right-click Winsock and click Export.
The Export Registry File appears.
7. Save the file in My Documents as Winsock.reg.
8. Right-click Winsock and click Delete.
The Confirm Key Delete window appears.
9. Click Yes.
10. Right-click Winsock2 and click Export.
The Export Registry File appears.
11. Save the file in My Documents as winsock2.reg.
12. Right-click Winsock2 and click Delete.
The Confirm Key Delete window appears.
13. Click Yes.
14. Restart the system.

To reset Winsock and TCP/IP settings, perform the following steps:

1. When the system has finished restarting, click Start, click Run, type ncpa.cpl, and click OK.
2. The Network Connection Properties window appears.
3. Click the General tab and click Install.
The Select Network Component Type window appears.
4. Click Protocol and click Add.
5. The Select Network Protocol window appears.
6. Click Have Disk.
The Install From Disk window appears.
7. Type C:\Windows\INF and click OK.
8. Click Internet Protocol (TCP/IP) and click OK.
9. The Network Connection Properties window appears.
10. Click Close.
11. Restart the system.
12. Click Start, click Run, type netsh int ip reset delllog.txt, and click OK.*****

Friday, January 23, 2009

how to migrate mail messagges from ms. exchange to postfix

how to migrate mail messagges from ms. exchange to postfix?
Hi, I have to migrate e-mail messagges from a ms exchange server to a postfix server.

I have found nothing, the only thing I have in mind is to use fetchmail on the postfix server to get the e-mail messagges from the ms exchange server.

Is this correct?

Are there other methods, like "copy" e-mail from one machine to the other?

Which format are the exchange e-mail stored in?

Thanks in advance.

I have no idea what format Exchange uses to store emails, so I think fetchmail or getmail would be the best options.

Fetchmail can only be used for mail in transit, you need to use imapsync to do the migration it will preserve all the message flags.

Exporting MS Exchange 5.5 Users to Postfix

While configuring a Postfix mail server to relay inbound email from the outside world to a Microsoft Exchange server inside a customer's network, we wanted to populate the Postfix "relay_recipients" table with all the valid internal users. Though it's possible to just "relay everything", it means that the Postfix server will accept delivery for invalid accounts and then have them be refused by Exchange. This puts the burden of generating a bounce email onto Postfix. By populating the relay_recipients table, Postfix can reject this mail outright before taking delivery. It's just cleaner all around.

This Tech Tips documents how we built an automated system for exporting the user list from Microsoft Exchange, transferring it to the mail server, and specially processing the address list to build the proper table. This now runs on an automated basis on several customers and requires no human intervention.

The discussions here involve this environment:

  • Microsoft Exchange 5.5 SP4
  • PuTTY -or- VanDyke Software "SecureCRT" 4.x
  • Red Hat Linux 8.0
  • Postfix 2.0.9
  • OpenSSH 3.5

Note: We considered having Postfix make an LDAP query to the Exchange server, but we rejected it for several reasons. The main reason is that we wanted the mail relay machine to be as standalone as possible, not depending on Exchange to be available in realtime to decide to accept the message or not. We are looking into doing this "right" with LDAP, but for the time being we wanted the relay recipients listed locally.

Note further that here we are using Berkeley DB files for for storing the data even though there are plenty of other ways to do it (LDAP, MySQL, etc.). Adjust to your own environment.

Exporting users from Exchange 5.5

This proved to be the hardest part, and credit for figuring it out goes to Steve Gardiner of Draper's & Damon's. He waded through the bad and buggy Microsoft documentation to get it running on a completely unattended basis.

For this process we use the ADMIN.EXE (Exchange Administrator) command, but with command-line options that make it unattended. By way of example, our Exchange is installed at D:\exchsrvr and we're putting our custom files in D:\userexport. These of course can be relocated anywhere as needed.

One of the main difficulties was getting the entire list of email addresses in the system: all kinds of addresses were not showing up for one reason or another: this made the relay list incomplete.

We're creating several files in our D:\userexport directory:

The ADMIN program reads from the output file to learn what fields are being exported - which seems to us to be an odd arrangement - and we create this small template file to repopulate the file anew on each run. Otherwise, it's conceivable that a problem in the export process could lead to a trashed output file, losing the field list. Without a field list to start with, ADMIN chooses a default list that's not useful to us.
The file should contain:
Obj-Class   tab   E-mail addresses   tab   Secondary-Proxy-Addresses
Once created, it's never touched again.
This is a file that tailors the behavior of the ADMIN program for this export operation, and though it may be possible to use some "system" configuration file for this, we use a private config file that won't impact Exchange operations beyond the export.
DirectoryService=servername here
; 09 = TAB
; 37 = %
; 34 = "
This batch file actually runs the export, and (later) will send the file to the Postfix mail server for addition to the relay-recipients database.
This batch file contains:
cd \userexport
copy exportfields.txt exchusers.txt
\exchsrvr\bin\admin /e exchusers.txt /n /o userexport.ini
The /n parameter suppresses a GUI progress display box, /o specifies the name of the options file, and /e shows where to export the data to.

Once these above files are created, give it a test run by launching the batch file. There won't be any meaningful output (remember that we used the /n switch to suppress progress reporting) only the final exchusers.txt file will be created to show success.

The file contains all email addresses for all users, and this includes addresses that aren't for the internet (X.500, CCMail, etc.). These are all removed later during file processing.

Processing on the Exchange server

We are temporarily skipping the step of exactly how to get the data up to the Postfix system and just presume it somehow happened. This file has been conveyed to /etc/postfix/exchusers.txt and we'll touch on how we actually did that conveyance below.

The exchusers.txt file is in a form entirely unsuitable for use by Postfix, so we must do a bit of processing with a small perl program to make it useful. Though it's possible to do a direct one-to-one translation, in practice this is not very useful. The main reason is that most sites don't wish for every email address inside the network to be relayed from the outside.

In some cases each user has several addresses that account for previous email schemes, and in others there are users or distribution lists that should simply not be permitted from the outside: would be a lousy address for a spammer to get. Finally, Exchange has some internal email addresses that don't look promising for external access, such as

In addition, the directory can contain aliases for non-local addresses, such as "page-consultant" as an alias for an external pager email address. This is mainly for internal use: outside users shouldn't be able to use it. It's possible to exclude this specifically in the --exclude file, but it's easier to simply tell the parser to exclude all addresses that aren't in our interesting domain.

The --domain=D parameter adds D to the list of valid domains (it can be repeated), and if defined it ignores any addresses not in that list. If this option is not given at all, there are no domain-specific restrictions.

We normally put this rule in a makefile in the Postfix working area:

ALL = ...relay_recipients.db ...

all: $(ALL) --exclude=exclude-users.txt

relay_recipients : exchusers.txt exclude-users.txt
tab ./parse-exchange-users ${OPTS} <> $@

%.db : %
tab postmap $*

Now, typing "make" will build this file from scratch.

NOTE - those who have never used a makefile may wish to consult our other Tech Tip: Using "make" for Postfix file maintenance.

Configuring Postfix to use the relay recipients is not really within the scope of this Tech Tip, but the relevant line in the file should be something like this:

relay_recipient_maps =

In a more advanced environment, where one domain is on the "inside" but other domains are involved in relay, it may make sense to put the recipient lists in separate files:

relay_recipient_maps =

Here, we presume that exchange_recipients is the dynamically built list, and relay_recipients is the one maintained by hand. We believe this does require two separate database queries, but we're not working in a high-volume environment. Those that are might concatenate two input files and create a single relay_recipients file as input to the database file.

As a final step we'll add a single command that's used to rebuild just the files related to relay: it's used by the automated processes that follow. In the file /etc/postfix/rebuild-relay-recips we include:

cd /etc/postfix
make relay_recipients.db

and the file must be made executable:

# chmod u+x /etc/postfix/rebuild-relay-recips

Running this all by hand is very tedious, and in practice there is simply no way that anybody's going to be really religious about running this every time a user is added to Exchange.

So we've worked out a few ways to automatically copy the data from the Exchange machine to the Postfix machine using secure copies (we presume that Exchange is inside the corporate firewall and that Postfix may be outside or in the DMZ). Though we prefer the commercial software SecureCRT, we've also figure out how to use the freeware PuTTY tool for this.

Choose one of the two sections below.

Automating Using SecureCRT

We used SecureCRT from VanDyke Software as our SSH client, and though it's commercial software (about $100), we have used it for years and are very happy with it. It has a regular terminal emulation client, plus command-line copy and remote shell tools that work together.

After installing SecureCRT normally on the machine that runs Exchange, we next need to create an RSA public/private key pair to allow secure and unattended copies. This key should not be the one used for any other purpose!

Launch SecureCRT, then navigate this way through the menus:

  1. Select Tools:Create Public Key from the top menu
  2. Click Next after the introductory dialog box
  3. Select a RSA key, then click Next
  4. do not select a passphrase, then click Next
  5. Select a 1024-bit key click Next
  6. Move the mouse around as requested to provide random input, then click Next
  7. Save the key file in D:\userexport\exchupdate, then click Finish
  8. Click No when asked if you wish to use this as your global public key
  9. Close SecureCRT

Somehow get the file to the Postfix server, and run these commands as root. One way is to ssh from the Exchange server to the Postfix server and actually paste the few ASCII lines from the pub file to the output place directly:

# cd /root/.ssh

# cat >
{paste here}

# ssh-keygen -i -f >> authorized_keys2

# vi authorized_keys2
{add a comment "Exchange user update from NTSERVER"}

Now this key is allowed to run commands as root.

NOTE - there are all kinds of ways to add increased security to this arrangement, such as limiting which IP addresses this key can be used from, limiting which commands can run, and running this as a non-root user. This is all highly relevent, but we didn't want to bog down this Tech Tip with this detailed information. Feel free to give it a go.

Now we update our original batch file to reflect the added functions of "copy data to Postfix system" and "rebuild the relay recipients".

cd \userexport
copy exportfields.txt exchusers.txt
\exchsrvr\bin\admin /e exchusers.txt /n /o userexport.ini

vcp -i exchupdate exchusers.txt root@servername:/etc/postfix
vsh -i exchupdate -l root servername /etc/postfix/rebuild-relay-recips

The last two lines do the real work, and it of course depends on having VanDyke's vcp and vsh commands in the search path. Replace servername with the name of the Postfix server.

Now, running this script on the NT system will do a start-to-finish update of the relay recipients for this Exchange server, and this can be scheduled to run out of WinAT - the command scheduler - periodically. We typically run it once an hour during the workday. The command scheduler can be found in the Windows NT 4.0 Server Resource Kit.

Automating Using PuTTY

Though we have been fans (and paying customers) of SecureCRT for a very long time, we understand that others may wish for alternate solutions for getting the data from Exchange to the Postfix system. This section details the updates using the free solution PuTTY. Please note that this is the first time we've ever used PuTTY: those finding better ways to do this are encouraged to let us know.

  1. Locate the three required PuTTY binaries: pscp.exe (secure copy), plink.exe (secure remote command execution), and puttygen.exe (the key generator). We normally put them right in the same directory with the other parts of this little system. We found PuTTY here
  2. Create a PuTTY RSA public/private key pair:
    • open command window, go to working directory (e.g., "D:\userexport")
    • run puttygen.exe
    • select the SSH2 RSA Key radio button
    • click the Generate button
    • move the mouse when requested to generate random data
    • when finished, enter anything you like for a key comment (we use "Exchange User Update Key")
    • do not enter a pass phrase!
    • click "Save Public Key" and navigate to the directory you're working in: name it
    • click "Save Private Key" and navigate to the directory you're working in: name it exchupdate.ppk. Approve the request to save without a passphrase.
    • exit the puttygen program
  3. Somehow Convey the PuTTY public key file ( to the Postfix machine, put it in /tmp or other convenient place.
  4. As root, convert the key file from SSH2 format into OpenSSH format, appending it to the list of authorized keys:

    # ssh-keygen -i -f /tmp/ >> /root/.ssh/authorized_keys2
    # rm /tmp/
  5. Edit the /root/.ssh/authorized_keys2 file to make sure the key comment was entered - edit if necessary.
  6. Update the runexport.bat batch file with the two secure commands:

    cd \userexport
    copy exportfields.txt exchusers.txt
    \exchsrvr\bin\admin /e exchusers.txt /n /o userexport.ini

    pscp -2 -i exchupdate.ppk exchusers.txt root@servername:/etc/postfix
    plink -2 -i exchupdate.ppk root@servername /etc/postfix/rebuild-relay-recips


Thursday, January 22, 2009

How to make scrollable checkboxes

How to make scrollable checkboxes

Making scrollable checkboxes is pretty simple. Set them up how you would as if they were not scrollable, but surround them in a container element (be that a fieldset, p, div, or the like). Give the container a class, like scroll_checkboxes. In your stylesheet, you’ll want to style the container to define it’s height and make it scrollable. Note that this is just a starting point:

.scroll_checkboxes {
height: 100px;
padding: 5px;
overflow: auto;
border: 1px solid #ccc

Wednesday, January 21, 2009

open multiple files in tabs, vim 7 can do that.

Remember last time when I open multiple files using vim, it will be loaded and store at the back buffer, in order to bring it to front, you need to first save your current file with :w then :bn for next :bp for previous. But seems vim 7 support tabs, I would like to open multiple files in tab for each file.

vim -p file1 file2 file3

But we might forget to specified -p and open files in the old manner, which my key maps to utilized tab become useless. I realize that if open one file with -p doesn’t have much different without -p, therefore, I play a trick. I set an alias in .bashrc ( .bashrc at home directory).

Insert this into .bashrc:

alias vi="vim -p"

alias allows me to change the way of calling vim, when I type vi, bash shell will replace vi command with vim -p. Therefore, now i can open multiple files in tabs like

vi file1 file2 file3

Important: after changing the .bashrc, terminal have to be restart to see the effects.


To move to next tab use


to previous tab


Max Says:
February 8th, 2008 at 2:47 pm

It’s better to use gt and gT to move forward and backwards in the tabs, respectfully. That way you don’t have to enter command mode.

100 Vim commands every programmer should know

100 Vim commands every programmer should know

Posted by Jean-Baptiste Jung on Jun 30, 2008 in Web development74 comments

Since the 70’s, Vi is one of the programmer’s best friend. Nevermind you’re new to Vi or not, here’s a big list of 100 useful commands, organized by topic, which will make your coder life better.


/word Search “word” from top to bottom
?word Search “word” from bottom to top
/jo[ha]n Search “john” or “joan”
/\<> Search “the”, “theatre” or “then”
/the\> Search “the” or “breathe”
/\<> Search “the”
/\< ….\> Search all words of 4 letters
/\/ Search “fred” but not “alfred” or “frederick”
/fred\|joe Search “fred” or “joe”
/\<\d\d\d\d\> Search exactly 4 digits
/^\n\{3} Find 3 empty lines
:bufdo /searchstr/ Search in all open files


:%s/old/new/g Replace all occurences of “old” by “new” in file
:%s/old/new/gw Replace all occurences with confirmation
:2,35s/old/new/g Replace all occurences between lines 2 and 35
:5,$s/old/new/g Replace all occurences from line 5 to EOF
:%s/^/hello/g Replace the begining of each line by “hello”
:%s/$/Harry/g Replace the end of each line by “Harry”
:%s/onward/forward/gi Replace “onward” by “forward” , case unsensitive
:%s/ *$//g Delete all white spaces
:g/string/d Delete all lines containing “string”
:v/string/d Delete all lines containing which didn't contain “string”
:s/Bill/Steve/ Replace the first occurence of “Bill” by “Steve” in current line
:s/Bill/Steve/g Replace “Bill” by “Steve” in current line
:%s/Bill/Steve/g Replace “Bill” by “Steve” in all the file
:%s/\r//g Delete DOS carriage returns (^M)
:%s/\r/\r/g Transform DOS carriage returns in returns
:%s#<[^>]\+>##g Delete HTML tags but keeps text
:%s/^\(.*\)\n\1$/\1/ Delete lines which appears twice
Ctrl+a Increment number under the cursor
Ctrl+x Decrement number under cursor
ggVGg? Change text to Rot13


Vu Lowercase line
VU Uppercase line
g~~ Invert case
vEU Switch word to uppercase
vE~ Modify word case
ggguG Set all text to lowercase
:set ignorecase Ignore case in searches
:set smartcase Ignore case in searches excepted if an uppercase letter is used
:%s/\<./\u&/g Sets first letter of each word to uppercase
:%s/\<./\l&/g Sets first letter of each word to lowercase
:%s/.*/\u& Sets first letter of each line to uppercase
:%s/.*/\l& Sets first letter of each line to lowercase

Read/Write files

:1,10 w outfile Saves lines 1 to 10 in outfile
:1,10 w >> outfile Appends lines 1 to 10 to outfile
:r infile Insert the content of infile
:23r infile Insert the content of infile under line 23

File explorer

:e . Open integrated file explorer
:Sex Split window and open integrated file explorer
:browse e Graphical file explorer
:ls List buffers
:cd .. Move to parent directory
:args List files
:args *.php Open file list
:grep expression *.php Returns a list of .php files contening expression
gf Open file name under cursor

Interact with Unix

:!pwd Execute the “pwd” unix command, then returns to Vi
!!pwd Execute the “pwd” unix command and insert output in file
:sh Temporary returns to Unix
$exit Retourns to Vi


:%!fmt Align all lines
!}fmt Align all lines at the current position
5!!fmt Align the next 5 lines


:tabnew Creates a new tab
gt Show next tab
:tabfirst Show first tab
:tablast Show last tab
:tabm n(position) Rearrange tabs
:tabdo %s/foo/bar/g Execute a command in all tabs
:tab ball Puts all open files in tabs

Window spliting

:e filename Edit filename in current window
:split filename Split the window and open filename
ctrl-w up arrow Puts cursor in top window
ctrl-w ctrl-w Puts cursor in next window
ctrl-w_ Maximise current window
ctrl-w= Gives the same size to all windows
10 ctrl-w+ Add 10 lines to current window
:vsplit file Split window vertically
:sview file Same as :split in readonly mode
:hide Close current window
:only Close all windows, excepted current
:b 2 Open #2 in this window


Ctrl+n Ctrl+p (in insert mode) Complete word
Ctrl+x Ctrl+l Complete line
:set dictionary=dict Define dict as a dictionnary
Ctrl+x Ctrl+k Complete with dictionnary


mk Marks current position as k
‘k Moves cursor to mark k
d’k Delete all until mark k


:ab mail Define mail as abbreviation of

Text indent

:set autoindent Turn on auto-indent
:set smartindent Turn on intelligent auto-indent
:set shiftwidth=4 Defines 4 spaces as indent size
ctrl-t, ctrl-d Indent/un-indent in insert mode
>> Indent
<< Un-indent

Syntax highlighting

:syntax on Turn on syntax highlighting
:syntax off Turn off syntax highlighting
:set syntax=perl Force syntax highlighting