Thursday, June 03, 2010

Using SCVMM Console on a foreign Domain

Microsoft designed windows AD Domains to put security boundaries around organisations, and enable structured administration of them. There are some times when you wish that your machine could be a member of more than one domain, but that is just not possible without setting up AD domain trusts etc.

My home lab is a good example - My laptop is on my employer's domain where other people in other countries are the administrators, and my virtual machines are on another where I am the evil overlord.

While it would be cool to link them all together, it's far too complicated and frankly I dont want my employer's IT department tinkering with my lab machines, and they wont be setting up any employer-employee domain trusts anytime soon.

I wanted to manage my virtual machines from my laptop, without changing it from the configuration I had, here's how I managed to get it working for System Center Virtual Machine Manager, and Hyper-V Administation tools:

My lab looks like this:

SCVMM R2 on a Hyper-V VM Win2k8 box, in it's own domain (its a DC actually as well, but that doesnt matter), and  a Laptop client running Win7 x64 in a different domain (no relationship between them)

•Login to client PC as your normal domain user account
•Install SCVMM console from media as usual.
•create an account on the SCVMM servers' domain with the same username and password as your client, make yourself a domain admin for good measure (you may not need this step, but all home labs need lots of domain admins!)
•Make SCVMMDomain\youraccount a SCVMM admin in the SCVMM console on the server.
•Get hold of John Howard's HVRemote script and run on both client and server to enable anonymous dcom (cscript hvremote.wsf /AnonDCOM:grant ) _ WARNING: You are opening up your DCOM security here, be aware of this and read-up if you are concerned.

•Each time, just before you launch the console on the client Establish a secure connection from client to server: (non admin command prompt on client) :

net use \\scvmmserver\ipc$ /user:scvmmdomain\youruser

(note that if you've setup correctly you shouldnt be asked for a pw)

Now launch SCVMM console, and connect to server

Boom.

(worked for me, your mileage may vary, if you cannot get this to work, follow John's blog details for remote Hyper-V admin console access from your client to the server - I had this working first, then added SCVMM console afterwards) I seem to get remote consoles and everything to my VM's as well, with the occasional disconnect - but hey.

BTW, unless an app is coded specifically to close all sessions and re-authenticate against the server or to 'get' the domain it's connecting to from the client (e.g ad domain tools) this trick should work for most apps like this that 'assume' (quite rightly) that everything is on the same AD domain, or a trusted domain.

Wednesday, June 02, 2010

Hyper-V Remote Management without Domains?

If you have a home lab system, and dont run a 'real' AD domain, Hyper-V's remote admin tools can be un-cooperative.


Until I discovered John Howard's Hyper-V Remote Management Configuration Utility that can fix all those annoying security issues that prevent two machines that dont have a domain from managing each other.

8-)

Monday, March 22, 2010

Twitter controlled lights?

Just in case you though I'd gone away, here's a little hack to enable you to use Twitter to send commands to your BBSB (Bye Bye Standby) Online Controller.
This is a software hack, involving no Arduino's or soldering(!)
In this post, I use the Linksys NSLU2 Linux based NAS appliance, but I'm sure any Linux machine will happily play along with this, provided you've isntalled Perl.
Once you're set up ( see instructions on this link), you simply DM (Direct Message) your controller using Twitter - and hey presto!
DM mycontroller lounge lights on
Enjoy.
(Usual policy of shoddy coding applies of course)
UPDATE: Due to changing ISP, the links in the PDF are not valid - use these instead:
 
UPDATE: Twitter has stopped allowing basic Authentication, so these scripts will not work without modification - if you do update them please let me know 8-)




Friday, January 15, 2010

Putting your watts on the web (Part 2) for CC128 users!

Just a quick update on the CurrentCost interfacing to the NSLU2. I posted earlier, thanks to manutitou over at pachube.com, he's figured out how to force the NSLU2 serial port to the higher default baud rate of 57600 that is needed for the CC128 CurrentCost.

He tells me that this is working for him: (take a look at his feed)

stty -F /dev/ttyUSB0 speed 57600 raw cs8
57600
stty < /dev/ttyUSB0
speed 57600 baud; line = 0; min = 1; time = 0; -brkint -icrnl -imaxbel -opost -isig -icanon

Nice one. Update your scripts if you used mine, or your own version accordingly and enjoy.