Author Archives: alesk
Using RUNAS to launch Explorer as less-privileged user
As you probably know, runas.exe is a great tool for lowering the privileges under which some “unsafe” programs can run. One such example might be Firefox (or God forbid, Internet Explorer) or your favorite e-mail client, or perhaps Explorer itself. Well, explorer.exe is special in this case, because out of the box it doesn’t run with runas. I really never cared to find out why. Tonight was the night :-)
I entered the following magic keywords in Google search box: “Why can’t you run Explorer with runas” and few seconds later clicked on the very first hit Runas with Explorer that explains the topic quite well.
I prefer second suggested solution. Let’s say, that you have a special local user with minimal privileges, called Internet and that you would want to use that account for every (potentially) unsafe operation, including launching Explorer that’ll be used to run other programs and files.
You’ll have to change SeparateProcess flag for Explorer for the Internet user:
1) Log on locally as Internet user and open the registry editor – regedt32
Better yet, use runas:
cmd> runas /user:hostname\Internet regedt32
…where hostname is the name of your workstation.
2) Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced and change SeparateProcess from 0 to 1.
3) Now, you can create shortcut on your desktop to launch Explorer as Internet user:
Target: runas /user:hostname\Internet explorer.exe
Regards,
Ales
Critical bug in ArcServe Agent 9.0
If you still have ArcServe 9.0 (confirmed on Build 2050) Agents around the server farm, be very careful if you backup mounted volumes on Windows 2000/2003. This is usually the case on database servers to avoid the letters for the individual volumes.
Let’s say that you have the following mount points:
D:\ORADATA\ORADB\DATA01 —> pointing to VOLUME1
D:\ORADARA\ORADB\DATA02 —> pointing to VOLUME2
You prepare backup in ArcServe as usual, connecting to the Agent, selecting above directories, running the backup and everything seems kosher….until you try to do a restore. At that point you can find out that mount point D:\ORADATA\ORDB\DATA02 contains the files from some random volume. Yes, it means that backup is useless. No error, everything is working fine, it’s just that ArcServe Agent 9 gets somehow wrong information about the volume. For example out of 10 mounted volumes, nine of them will be backed up correctly and one will have unreasonable content – from another volume. One workaround is to add a drive letter with Disk Manager to the problematic mount point, then backup the drive by letter not by mount point.
I couldn’t find any official CA bug note, all I know is that this doesn’t happen with ArcServe 11.5 (SP3) agent.
The moral of this story is to test your restore procedures as much (or more) as you do the backup itself.
Regards,
Ales
SQORAS32: An Unsupported operation was attempted.
A sequence:
1) clean installation of 32-bit Oracle 10.2.0.1 client with Windows components/interfaces (ODBC, OLEDB …) on Windows XP (SP2)
2) installation of patchset 10.2.0.3
If you try to run “Data Sources Administrator” (Control Panel -> Administrative tools) to to add system DSN, selecting Oracle ODBC driver, you’ll receive error: SQORAS32: An Unsupported operation was attempted.
You have to apply Patch 5699495 on top of Patchset 10.2.0.3 (p5699495_10203_WINNT.zip). Patch installation is done simply by replacing some files with the ones from the patch 5699495. Refer to readme.txt for instructions.
Testing Oracle OID
I thought we could benefit from the central list of articles about Oracle Internet Directory (OID), that I used (and will be using) to prepare test environment for OID. As you know Oracle Names server is deprecated and replaced by Oracle Internet Directory – a beast in it’s own. My main goal was to setup Oracle OID for resolving Oracle services (to replace local TNSNAMES.ORA files on our client machines).
Note, that you can use OID as a replacement for Oracle Names Server free of charge! The second goal is to test out OID as a central LDAP directory for user authentication – OID in this role needs appropriate license.
Articles:
- the first article that I read was the one from Howard Rogers, “Implementing Oracle Internet Directory”. An excellent starting point. My OS was fresh installation of Windows 2003 Standard Edition instead of CentOS from the article. Despite of that an installation was trouble free. Article is so well written that you can’t go wrong if you follow instructions (and use some mojo between the ears ;-).
- OTN How-to article: How to set up Enterprise User Security
- OTN White Paper: Enterprise User Security With Oracle Database 10g, by Dan Norris, TUSC [PDF]
- Oracle manual: Oracle® Database Enterprise User Administrator’s Guide
SIOUG 2007 – presentation material
Presentation material from SIOUG 2007 is available in pdf format – or better said, only part of it. I’m a bit disappointed, that three weeks after the conference, I could not refer to a single paper from my favorite guest speakers: James Morle, Cary Millsap, Julian Dyke and Wolfgang Breitling, nor papers from Jože Senegačnik. I hope SIOUG site will be updated with the missing material soon.
In general, I think SIOUG 2007 conference was a success. The Wednesday alone was worth the conference fee (if you ever had a chance to listen to Cary Millsap, then you know what I’m talking about – not that other speakers were bad, it’s just that the Cary presentation style and skills are in it’s own class).
Did I dislike something about SIOUG 2007 conference (apart from missing presentation material)?
You bet (after all, I have to take care about my grumpy-ego trip-attitude;-) :
- a lack of discipline from the speakers to finish with the presentation on time, which resulted in cascading time conflicts with presentations done in other tracks. The guest speakers showed better sense for the time.
- the most boring stuff on conference were “self-promoting” presentations done by conference sponsors. Some of them were so boring that not even a double Turkish coffee could keep me awake. One of the CEO was so eager and so ridiculous in his bragging at the same time, that the audience start laughing at some point – he thought we’re laughing at his gag – so he bragged a bit more …. do you sense Catch 22 here ;-)
- official conference photographer was a real pain in the ass, someone should took those damn batteries from him, or tell him that one or two photos per session are enough, not 10-15 from five different angles. Give us a break, this is a technical conference not some fashion show in Milan.
- venue of the conference really sucks. I know that I’m more or less alone in this opinion :-)
dbaportal.eu 