General Notes

wget certificate validation

For years I've been using wget to download things from sites secured with SSL, but always got a "Certificate verification error .. unable to get local issuer certificate". You can bypass this with a switch (which is what I'd immediately afterwards) but one fateful day I decided to figure out how to fix it properly.

It turns out that OS X comes with a certificate bundle in /usr/share/curl/curl-ca-bundle.crt , but I downloaded a larger and presumably more hardcore one from here and put it in /usr/share/curl/

Then do this:

 echo ca-certificate=/usr/share/curl/cacert.pem >> ~/.wgetrc

Using curl instead of wget

Mac OS X comes with curl and not wget. I used to install wget, but a few reinstalls and new machines later, figured that I could learn to love curl, by way of the alias:

 alias curlget='curl -v  -L -C - -O'

curlget emulates default wget behaviour, which is to save the thing you asked it to download. Automatic resuming and redirect following is also enabled.

CPanel tips

CPanel causes me a fair bit of trouble! One problem I had was that an account had a number of mailboxes, but all mail was shifted to another mail server and the MX was updated. However, mail generated on the CPanel server was still being delivered locally. Predictably, this went unnoticed for two years. I fixed it by:

  • Deleting all mail accounts from the domain
  • Removing custom MX record (which caused it to point back to the CPanel server)
  • Adding customer MX record (making sure the checkbox about delivering locally wasn't ticked)
  • Check that /etc/localdomains doesn't contain the domain and that /etc/remotedomains does.

Installing mod_security alongside CPanel

This mostly works, but I tried and gave up once before when I got a line of the form:

httpd: Syntax error on line 33 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9
of /usr/local/apache/conf/php.conf: Cannot load /usr/local/apache/modules/
into server: /opt/xslt/lib/ undefined symbol: xmlModuleClose

It turns out that CPanel or EasyApache or something compiles its own libxml2 in /opt (probably because PHP has XSLT support compiled in) and if you load /usr/lib/ as the example config suggests and they're different, it'll fail.

The solution: include the one in /opt with LoadFile /opt/xml2/lib/ or as appropriate for your system.

An even better tip: don't bother doing it manually! I installed a new Apache from EasyApache and it gave me the option to install the module from there.

Using mod_security to prevent Wordpress attacks

I really like Wordpress, but it has a nasty habit of bringing a server to its knees if someone bombards it with login requests or scan for vulnerable plugins. Security plugins like iThemes Security implement brute force lockout and 404 detection, but because requests still go through the PHP interpreter and the slow Wordpress guff, bots that don't bother looking at status codes continue to hammer you.

So! Here are some mod_security rules that might help a bit. They are adapted from this great article on blocking wp-login.php brute logins

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000134
<Locationmatch "/wp-login.php">
    # Setup brute force detection.

    # React if block flag has been set.
    SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 5 login attempts in 3 minutes.'"

    # Setup Tracking.  On a successful login, a 302 redirect is performed, a 200 indicates login failed.
    SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
    SecRule RESPONSE_STATUS "^(200|403)" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
    SecRule ip:bf_counter "@gt 5" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"

<Locationmatch "/wp-content/plugins/.*">
    SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 10 plugin scannning attempts in 3 minutes.'"
    SecRule RESPONSE_STATUS "^200" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
    SecRule RESPONSE_STATUS "^404" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
    SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"

ErrorDocument 401 default

Compared to the original article, I've added in a check for 403 errors (which is what iThemes Security starts returning once it has locked you out), and added a new check that catches people scanning you for vulnerable plugins.

Make sure you keep an eye on your audit logs. I did some careful (well, grep and awk) analysis to work out what legitimate traffic patterns looked like before proceeding, especially with the second rule.

Name server has extra zones for each name server

My CPanel, has two name servers, and After moving to a new machine, I found that I could no longer resolve A records for either of them. The problem was that CPanel had generated two zones, for and and both were incomplete as they had no NS records. Thus even though A records were defined in, the more specific zones overrode those, even though bind decided they had errors and didn't load them.

The solution: use "Delete a DNS Zone" to get rid of the nameserver-specific zones.

OS X IP address change Growl notifier

There's a blog tag thingy going around where you run a command that tells you which command you run most often. Embarrassingly, mine is ifconfig, which I like to repeatedly run because OS X doesn't come with a watch command and I spend a lot of time using unreliable wireless networks. This prompted me to set up scripts that alert me via Growl when my address changes.

In ~/Library/LaunchAgents/org.tristesse.ipnotify.plist

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "">
 <plist version="1.0">

In /usr/local/bin/ipnotify, which is chmod 755


 EN0IP=`ifconfig en0 | grep 'inet ' | cut -d' ' -f 2`
 EN1IP=`ifconfig en1 | grep 'inet ' | cut -d' ' -f 2`

 /usr/local/bin/growlnotify -H localhost --appIcon "Network"  IP address changed -m "IPs changed to en0: $EN0IP   en1: $EN1IP"

I found that I needed to enable Growl's "Listen for incoming notifications" or else growlnotify would miss messages. Apparently this is a bug with OS X Lepoard and Growl 1.1.2.

You have to tell launchd to load the new action, which is done by running launchctl load ~/Library/LaunchAgents/org.tristesse.ipnotify.plist

It might be worth modifying the script to only report if you've got an address, or you'll be notified even when no address is found, which you're unlikely to care about.

Even better would be to use ipconfig getifaddr. Note to self: locate and compile a list of OS X specific commands that replace BSD commands plus hackish string manipulation.

I'm not super happy with this arrangement any more, as Growl seems to occasionally get confused by my multi-monitor setup, such that unplugging the external monitor causes several hours of Growl events to start popping up. Also now that I have a 3G phone I don't try to randomly use wireless access points from moving buses.

Getting the current SSID in OS X

There are a few pretty ugly ways that I know of:

 ssid=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '`

 ssid=`ioreg -l -n AirPortDriver | grep APCurrentSSID | sed 's/^.*= "\(.*\)".*$/\1/; s/ /_/g'` 

 ssid=`system_profiler SPAirPortDataType | awk -F": " '/Current Wireless Network/{print $2}'`

Breaking the slot-load DVD drive in a MacBook

I broke the slot-load drive in my MacBook by pushing a DVD into the slot while the computer was powered off (this saves valuable seconds you'd otherwise spend switching it on, putting it in, and turning it off again, or alternatively finding somewhere safe to put the DVD. Apparently neither were appealing options for me at the time). I spent my teenage years pushing tray-loading CD-ROM drive trays in while they were powered off and suffered no ill effects. This just doesn't fly with a slot-load drive, though. If you've done this and find that it no longer accepts a disk, but rather makes crunching noises before spitting the disk out at a rather high velocity, have the drive replaced. Preferably under warranty.

Bash tips

When I remember all of these, they save me lots of time.

  • Ctrl + K - Clear the line after the cursor
  • Ctrl + U - Clears the line before the cursor position. If you are at the end of the line, clears the entire line.
  • Ctrl + T - Swap the last two characters before the cursor
  • Alt + T - Swap the last two words before the cursor
  • Alt + F - Move cursor forward one word on the current line
  • Alt + B - Move cursor backward one word on the current line
  • Alt + . - Insert last word of last command

Microsoft Exchange drops email when GFI FaxMaker uninstalled

I moved an installation of GFI FaxMaker from an Exchange 2003 server to a separate machine and installed the 'Exchange only' bit, which really just adds an SMTP connector pointing to the GFI machine's SMTP service. I then found that mail to was being dropped without bounces (and a message about failure to deliver with the advanced queue, or something). After some fiddling I found that I could add another domain to the connector (eg, and this would be relayed properly. It's possible to add a new domain to FaxMaker's 'accept' list through the registry, but the problem was due to FaxMaker's event sink not being unregistered properly when I uninstalled it.

Daniel from GFI helpfully provided the following VBScript:

 Const catidSmtpOnArrival = "{FF3CAA23-00B9-11d2-9DFB-00C04FA322BA}"
 Const bindidInboundSink = "{483C5DC8-22A0-4B74-9CA9-BA0084156FE0}"

 On Error Resume Next

 Set InboundSink = GetObject("IIS://localhost/SmtpSvc/1/EventManager/EventTypes/" & catidSmtpOnArrival & "/bindings/" & bindidInboundSink)
 If Err.Number = -2147023838 then MsgBox("Warning: Failed to connect to MetaBase. IIS is probably disabled.")
 If Err.Number = -2147024893 then MsgBox("Warning: FMSink is not registered in the MetaBase.")
 If Err.Number = 0 then MsgBox("Success: FMSink found in Metabase.")

The solution? Allow IIS metabase editing, edit the metabase, and remove all references to the FMSink (by searching for the ..56FE0 GUID).

List Exchange 2010 blocked sender domains

By default, blocked sender domains are subject to an enumeration limit, not a string truncation limit. If you block lots of stuff, you will need to adjust the limit to be able to view everything:

 $FormatEnumerationLimit =-1
 get-senderfilterconfig | fl BlockedDomainsAndSubdomains

MacBook gets stuck in overwrite mode

This only seems to bother me when running Windows in a VM, but occasionally I'll do something that causes overwrite mode to be activated. The MacBook doesn't have an Insert key, but it does have Fn-M (number pad zero)! This will switch it off.

Printing PDFs from a Windows service

I attempted to do this when making a Lexmark printer print PDF files when a button on the screen was pressed. The printer calls a JavaScript function that allows an executable to be run on the Windows server non-interactively. I couldn't get it to work until I used Foxit PDF Reader instead of Acrobat Reader. Presumably Acrobat is popping up a print dialog or a first-time license agreement (even though I duplicated all registry entries to the .DEFAULT user, tried running the service as a user who had run it before, etc.) Use Foxit.


I've tried them all, but I inevitably come back to sendmail. I used to qmail because of the elegance of vpopmail, but the need to patch qmail or add work-arounds to make it talk with random mail servers and lack of integrated Debian support turned me off. I've tried exim but despair when it seems to rely on external scripts to process mail. This isn't a bad thing for flexibility except when you're in a hurry to fix things. Note, this could merely be a problem with the CPanel mail implementation. In vanilla Debian installations, I've tried it but given up when I couldn't decipher how to set up masquerading within a few minutes. In one of my previous jobs, Postfix was the standard used everywhere and it was fine when someone else had defined our defaults, but from scratch I find it ponderous and not compelling next to sendmail, which is certainly awful in its own special way.

With sendmail, relay mail through specific port on specific SMTP server

In this example, host is listening on port 225 instead of 25. In /etc/mail/

 + FEATURE(`mailertable')dnl

 + Mesmtp225,      P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP, E=\r\n, L=990,
 +                 T=DNS/RFC822/SMTP,
 +                 A=TCP $h 225

Create /etc/mail/mailertable: esmtp225:[]


 makemap hash /etc/mail/mailertable < /etc/mail/mailertable

Make a new (usually by running make in /etc/mail). Restart sendmail.

With sendmail, obscure Received: headers when relaying

I noticed that an email I had sent someone was marked as spam because my dynamic IP address was on some blacklist. I use my own authenticated SMTP relay, so there's really no reason I'd want people to know my IP address. After some fiddling I came up with the following macro, which you may add to your

define(`confRECEIVED_HEADER', `$?{auth_type}(from $j) by $j ($v/$Z)$|$?sfrom $s $.$?_($?s$|from $.$_)
        $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
        $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
        (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u
        for $u; $|;

This looks horrible, but it's a fairly simple modification of the default rule. uses $?{variable} $| $. as if, else, and end if operators respectively. So here, if auth_type is defined (which only occurs if an authenticated user is relaying through the server, which will only be local users), then show a simple "(from hostname) by hostname (8.14.3/8.14.3/Debian-9.2)" which is based on some other non-descript headers I managed to generate by invoking sendmail on the server from mutt. Otherwise, it proceeds with the default rule (from $?sfrom $s ... )

With sendmail and spamass-milter, don't check outgoing messages

Now that I've set up a secure mail relay, I can happily send mail from all manner of 3G and wireless connections. All of them are listed in RBLs, which makes me angry because SpamAssassin on my mail relay is marking my own messages as spam. Fortunately, Debian/Ubuntu's version of spamass-milter has a -I option that skips checks for authenticated users. This seems to work even with my dodgy hack above.

With sendmail, don't rate limit relaying for authenticated users

Taken from a post on comp.mail.sendmail after I installed an IP camera that likes to send me dozens of emails.

Put this at the bottom of your

# no rate control on daemon ports requiring authentication
R$*             $: $&{daemon_flags}
R$* a $*        $@ OK    

The whitespace before $: and $@ must be tabs.

Note - this doesn't actually seem to work! I haven't figured out why yet.

User account keeps getting locked

Windows XP workstation, Windows 2003 Server, password change policy. The user had a login script that reconnected various network drives. Some were reconnected successfully, others on a particular server were not. The script attempted to reconnect multiple times, leading to an account lockout. It turns out that Windows XP has a totally evil facility for caching network passwords that overrides domain credentials. It's accessible through Control Panel, User Accounts, but in this case group policy had disabled access to this. The solution was run the following command (fortunately, they were still able to do this):

 Rundll32.exe Keymgr,KRShowKeyMgr

One problem I found was that deleting the password entry didn't help - it was reappearing, possibly after logging out or rebooting. I fixed this by renaming the server and changing the username and password. Not sure if this was due to a weirded out Windows profile or what. Clues leading me to the problem: I installed Account Lockout Tools, specifically alockout.dll on the workstation and noted that wscript.exe was the culprit.

Winfast/Leadtek DVB Dongle Gold on Windows Vista

It didn't work for me out of the box. Winfast PVR2 would successfully scan for channels and crash a few seconds later. I downloaded the newest version of PVR2 from the Leadtek site, which didn't crash but couldn't see the USB device nor scan at all. I fixed it by uninstalling all Winfast-esque components, rebooting, then installing the driver from the Web site (which was the same version as on the CD anyway), rebooting, and installing PVR2 again.

Vista crashes with BSOD in tcpip.sys

This happened randomly, all the time. I tried many things to fix it, but my latest attempt has been to disable the CA firewall and use Windows Firewall instead. I've heard of ZoneAlarm causing similar problems.

Enabling international characters on Debian

For years I suffered with not being able to view international characters on Linux (which I use entirely over SSH), particularly in IRC. I finally cracked and fixed it by doing:

  • Edit /etc/locale.gen and uncomment the line, en_AU.UTF-8 UTF-8 (or the UTF-8 variant of the locale of your choice). Comment out whatever you had before that (mine was en_US.ISO-8859-1)
  • Run sudo locale-gen
  • Run sudo update-locale LANG=en_AU.UTF-8
  • Edit /etc/environment to be something like
  • Log out and in again

SSH X forwarding

If you do ssh -X and DISPLAY isn't being set, make sure you have X11Forwarding yes in /etc/ssh/sshd_config and that xauth is installed on the client.

nullmailer can't send mail to machine with same mailname


  • There is a mail server for
  • I have another server belonging to the same organisation who wants to send mail to
  • Sending email using mutt and nullmailer. On the server sending the mail, I have mailname set to
  • This doesn't work because nullmailer thinks that the destination system is the same, so it strips off the domain name, going stupid things like RCPT TO:<root>, which is rejected.


  • Set the mailname to something bogus like and force the outgoing address to be something valid-ish using a muttrc like
 set use_envelope_from 
 set envelope_from_address=""
 set from=""

MacBook trackpad button doing annoying clicking thing

Mouse button no longer clicked in a satisfactory manner, sometimes requiring more force and making a loud clicking noise when pushed in a certain way. I fixed this by getting a crisp bit of paper, jamming the corner under the edge of the button as far as it would go (1-2mm) and running it along to the other side. Examine all the grit accumulated on the bit of paper. Repeat on other edges with new corner.

Regenerate dovecot certificates on Debian

By default, Debian's dovecot package generates self-signed certificates that are valid for one year. You can rebuild them by doing

 sudo rm /etc/ssl/certs/dovecot.pem
 sudo rm /etc/ssl/private/dovecot.pem
 sudo dpkg-reconfigure dovecot-common

But if you want to not worry about it for even longer, you can replace the dpkg-reconfigure step with

 cd /etc/ssl
 openssl req -new -x509 -days 3650 -nodes -out certs/dovecot.pem -keyout private/dovecot.pem 
 /etc/init.d/dovecot restart

Copying files quickly with SSH

SSH is a bit slow for copying files on fast networks. Try using a faster cipher!

 sftp -o Ciphers=arcfour

This gives me 10 MB/s on a 100 Mbit LAN. For even better performance, the Pittsburgh Supercomputing Center has created a bunch of high performance SSH patches.

Hosts file on OS X Leopard

Changing the /etc/hosts file on OS X Leopard doesn't do what you want with every utility. It's better to update the Directory Service database directly:

 sudo dscl localhost -create /Local/Default/Hosts/ IPAddress
 dscl localhost -readall /Local/Default/Hosts
 dscacheutil -flushcache

OS X takes ages to connect to wireless network after waking from sleep

After using my computer for a while it seemed like the Airport wireless adaptor would take ages to connect to my wireless network - up to a minute. Doing the following really made a big difference:

  • System Preferences, Network, select AirPort, click on the gear icon, Set Service Order, and drag AirPort to the top. OK.
  • Advanced, drag main network to the top of the Preferred Networks list.

PostgreSQL prompts

It's nice to know if you're operating within a transaction in PostgreSQL in the event that you're doing something nasty. Luckily there's a built-in way of changing the prompt to show the transaction status. I did the following:

 echo \\set PROMPT1 '%/#%[3[1;31;40m%][3[0m%] ' >> ~/.psqlrc

This makes a bold red asterisk show up if you're within a block.

OpenSSH port forwarding

I like to use OpenSSH's ControlMaster feature, but unfortunately this doesn't allow you to add new TCP forwarding channels once the master has been established. You can use OpenSSH's little-used command line console to do it, though!

Hit <enter>~C to get a prompt. From there you can enter -L .

Resizing DMG files

I had a compressed DMG file that was generated from a DVD, but the files within it would fit on a CD-R. The DMG was formatted to 4.7GB in size (but compressed to much less than that) and had heaps of free space. I wanted to preserve the DMG structure because it has a nice icon and background and such, and burn it to CD using Disk Utility. Here's how to do it!

hdiutil convert BigDmg.dmg -format UDRW -o SmallRW.dmg
hdiutil resize -limits SmallRW.dmg

Note the numbers:

 min 	 cur 	 max 
1260232	1260240	414403584

You can resize it as small as min (though I added a few for breathing space). Note that this doesn't work at all if the DMG contains a read-only filesystem, such as ISO9660.

hdiutil resize -sectors 1260236 SmallRW.dmg

Now you can successfully burn it to a CD-R using Disk Utility!

Delete camera photos from iPhone

Despite a few people saying that you can, perhaps in earlier versions, I couldn't see a way to delete already-imported photos from my iPhone using iPhoto or Image Capture without importing them again and potentially having trouble with duplicates or things I'd already gone through and deleted. Rather than delete them one-by-one, I used PhoneView, which easily completed the task! Sync is now much faster - apparently all photos are copied every time the phone is backed up! I got the program as part of a MacHeist bundle, I think.

Copying IMAP mailboxes

When migrating an email user, it was necessary to copy all email over to the new account. The only access to the source account was via POP/IMAP so I had a look at the various options out there. The first one that came to mind was fetchmail. A quick look at the options left me unsure about whether it would happily deliver to a local email address rather than a Unix user. Probably, but it wasn't one of the standard examples. Next up was imapsync. It depends on Date::Manip, but the only version apparently available would not run with the elderly Perl in the Centos Whatever installation in question. Some time wasted seeing if the CPAN module had an option to install older versions, then looking at the CPAN and module author's site. Next up was imapcopy. After creating a configuration file, it logged in to both accounts and promptly failed to read messages successfully. There weren't many options so I presume it's just not well updated. The final solution - set up the two accounts in Thunderbird and just drag them over. I should have done this first and not wasted half an hour.

Singular matrix errors in Spice/PSpice/LTspice/Xspice

Whenever I tried to simulate any vaguely complicated circuit in Spice, I'd run up against 'singular matrix' errors. The standard response forum response is to check your wiring. If that all looks fine, I discovered that you can provide an RSHUNT value! This adds a resistor between every circuit node and ground, thus eliminating these mathematical matrix maladies. Give it a value like 1e12 and try again.

Mac OS X hibernation modes

We had a brief but impressive electrical storm on the night of the 31st of July 2010. When I got home, my peacefully sleeping iMac had powered itself off, probably due to a power failure. It turns out that iMacs will happily do a 'safe sleep', which you may enable with a

sudo pmset -a hibernatemode 3

This does a normal sleep and also saves the contents of RAM to disk, so you can wake up at normal speed, or if there's a power failure, pick up where you left off after a somewhat more lengthy wait. This is great! I recall that this is the default behaviour on portables, but at one point I switched it off by setting hibernatemode to 0, which means that it doesn't bother suspending to disk. The reason why you'd want to do this? Slam the lid shut and you can immediately put your computer away with a flourish. Otherwise, you need to wait for the power light to start pulsing before you do any flourishing, which only happens when the disk has stopped. I used to use my computer on buses regularly when I was commuting to Flinders Uni, so this meant that I could sod around until the very last moment. keeps asking you to accept incoming connections, even though it's allowed in the firewall settings

This happens when a (cryptographically) signed application is changed in some way. Unfortunately the behaviour is to prompt you endlessly rather than telling you what has actually happened. There are two ways to fix it. The easiest is to delete iTunes, then download and reinstall it. The second easiest way is to figure out what has changed. In my case, I did:

$ codesign -vvv a sealed resource is missing or invalid
/Applications/ resource added
/Applications/ resource added

Neither of these files looked very exciting so I just deleted them. After that, codesign reported that satisfies its Designated Requirement and the firewall message has gone away.

Windows Live Mail on Windows 7, can't send email

Unknown error, 0x80070057. The only thing that seems to fix it is to work offline, delete all messages in the outbox, restart Mail, go online, and re-create the emails. Madness.

Canon MX860 printer installation stuck at "Registering the program information"

I wanted to reinstall a driver after getting a warning that "enable bidirectional support" was off, but the option was greyed out. Downloaded the newest driver from Canon, and it got stuck.

Solution: add manually by looking inside the zip file and installing printer manually through the add printer thing. Create a Canon network port (if appropriate) though I'm not entirely sure how this port type will be available on the first installation. Hopefully the aborted initial attempt installs this component.

Run SSH and HTTPS on the same port

Running SSH on port 443 is a handy trick for bypassing naive firewalls, but unless you have a spare IP address this means foregoing HTTPS. Since SSL certificates can be obtained for free from StartSSL, there's really no reason not to use them. Fortunately, you can use HAProxy to run SSH and SSL on the same port.

Acer Aspire 6920 recovery

It's a dark and stormy night, and you want to restore your Acer Aspire 6920 to factory defaults. However you've scratched your recovery CD and the serial number sticker has rubbed off, so you can't order replacement media from Acer. Fear not - you can press Alt-F10 while the BIOS is starting up to boot from the hidden partition!

List all users, home directories, profile directories and terminal server profile directories

Here's a simple VB Script that creates a CSV of the above information.

Dim rootDSE, domainObject
Set rootDSE = GetObject("LDAP://RootDSE")
domainContainer = rootDSE.Get("defaultNamingContext")
Set domainObject = GetObject("LDAP://" & domainContainer)

Set fs = CreateObject ("Scripting.FileSystemObject")
Set outFile = fs.CreateTextFile (".\HomeDirs.txt")


If Right(strNewPath, 1) <> "\" then
   strNewPath = strNewPath & "\"
End If
strSearchContext = UCase(strSearchContext)
outFile.WriteLine "User Name,Home Directory"
Set oDomain = Nothing

Sub ExportUsers(oObject)
   Dim oUser
   For Each oUser in oObject
      Select Case oUser.Class
         Case "user"
           tspath = ""
           on error resume next
           tspath = ouser.terminalservicesprofilepath
           outfile.WriteLine oUser.sAMaccountName & "," & oUser.homeDirectory & "," & ouser.profilepath & "," & tspath
         Case "organizationalUnit" , "container"
      End select
End Sub