PowerShell – Update NTFS Audit Levels

Here are the required steps for updating audit rules on Windows NTFS shares with PowerShell.

# PowerShell script used for updating and removing NTFS audit rules.
# The $path variable represents the UNC path to the share that the script is being executed against.
# Comment or uncomment the Remove or Set line to update a share's permissions.
$path = "\\<server>\<share>"   # placeholder: the original path is not shown on the page
# Get the current ACL details (-Audit is required for the audit rules / SACL to be included)
$CurrentACL = Get-Acl -Path $path -Audit
if ($null -ne $CurrentACL) {
    # Success & Failure
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAuditRule("Everyone","ChangePermissions,DeleteSubdirectoriesAndFiles,Delete,TakeOwnership","ContainerInherit","None","Success,Failure")
    # Remove Audit Rule
    # $CurrentACL.RemoveAuditRule($AccessRule)
    # Set New Audit Rule
    $CurrentACL.SetAuditRule($AccessRule)
    # Apply New Permissions
    Set-Acl -Path $path -AclObject $CurrentACL
} else {
    Write-Host "ACL's unsuccessfully pulled from path $path"
}
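To confirm that the audit rule built in the script above actually landed in the SACL, the following added example (not part of the original script) reads the audit rules back and reports which of the rule's rights are still unaudited for Success or Failure. The function name Test-NtfsAuditRule and the UNC path are placeholders chosen for this example.

```powershell
# Added example: read back the SACL and check it against the rule the script applies.
function Test-NtfsAuditRule {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [string] $Identity = 'Everyone',
        [System.Security.AccessControl.FileSystemRights] $RequiredRights =
            'ChangePermissions,DeleteSubdirectoriesAndFiles,Delete,TakeOwnership'
    )

    # Without -Audit, Get-Acl returns the descriptor with no audit rules at all.
    $acl = Get-Acl -Path $Path -Audit -ErrorAction Stop

    # Explicit and inherited audit rules for the identity, resolved to account names.
    $rules = @($acl.GetAuditRules($true, $true, [System.Security.Principal.NTAccount]) |
        Where-Object { $_.IdentityReference.Value -eq $Identity })

    foreach ($outcome in 'Success', 'Failure') {
        $flag = [int][System.Security.AccessControl.AuditFlags]$outcome

        # Union of all rights audited for this outcome across the matching rules.
        $covered = 0
        foreach ($rule in $rules) {
            if (([int]$rule.AuditFlags -band $flag) -ne 0) {
                $covered = $covered -bor [int]$rule.FileSystemRights
            }
        }

        # Rights required by the script's rule that no audit rule covers.
        $missing = [int]$RequiredRights -band (-bnot $covered)

        [pscustomobject]@{
            Path    = $Path
            Outcome = $outcome
            Audited = ($missing -eq 0)
            Missing = [System.Security.AccessControl.FileSystemRights]$missing
        }
    }
}

# Placeholder UNC path: replace with the share the script was run against.
Test-NtfsAuditRule -Path '\\<server>\<share>'
```

Run this from an elevated session, since reading the SACL requires the "Manage auditing and security log" right. The rules only produce Security log events when the "File System" object-access audit subcategory is enabled, which `auditpol /get /subcategory:"File System"` shows.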

NetApp SnapMirror 7-Mode to Cluster-Mode

Here are the steps required to manually initiate a SnapMirror relationship between a NetApp 7-Mode filer and a Cluster-Mode filer.

7-Mode to Cluster Mode Version Requirements
Source Filer: 8.x 7-Mode and Higher
Dest. Filer: 8.2.x and Higher

7-Mode Source Filer Steps
– Allow destination filer either within snapmirror.allow file or within options snapmirror.access host =

Cluster-Mode Destination Filer Steps
– Create a new transition LIF assigned to a node, with both the Role and the Firewall Policy set to intercluster.
– Create a vserver peer transition relationship between the source and destination filer and associate it with the transition LIF.
– Create a new destination volume that is the same size or bigger than the source volume. Make sure to specify the type of the volume as DP (data protection)
– Create the new snapmirror relationship with type set to TDP
– Initialize the mirror using snapmirror initialize followed by the destination path

Optionally you can create a snapmirror policy that is applied to any new transition snapmirror relationships to ensure consistency when cutting over volumes in bulk.

OS X 10.9 Epson Printer – Enable Duplex Printing

Epson recently released a driver update for OS X 10.9 Mavericks which automatically shows up within the Apps/Software update menu. Like most users my wife dutifully added the update which then removed her duplex printing settings.
Notice the “Two-Sided” printing option is off and grayed out.
While I’m sure this was unintended it did pose a real problem. After reinstalling drivers and the printer itself several times I found the following fix.

1. Select “Printer Features” from the pull down menu (Hint: Click Layout)
2. From the “Feature Set” pull down menu select “General 6”

You’ll notice that buried within this sub menu is the option we’re looking for.

3. Select 2-Sided Printing ON
4. In order to ensure you never have to set this option again save your new settings.

You can see in this screen capture I’ve already saved mine as “Duplex!”

Fix OS X Mavericks Continuously Prompting for KeyChain Password

Symptom: Upon login, OS X Mavericks continuously prompts you for a Keychain password which does not match either your iCloud/iTunes credentials or your local login credentials.


* Go to Finder.
* On the Finder menu, click on “Go”, then on “Go to Folder”. A box should come up.
* On the box, type in “~/Library/Keychains/” and click on “Go”. It should lead you to the Keychains folder where you will find three items: (1) a folder with a name mixed with letters and numbers, (2) login.keychain, and (3) metadata.keychain.

* Delete the folder with a name mixed with letters and numbers.
* Restart your computer. Check to see if the problem has been solved.

Solution Source: http://forums.macrumors.com/showthread.php?t=1652089

Fix: YouTube buffering issue

Over the past two weeks I’ve noticed a continuous issue with loading YouTube videos and having them endlessly buffer. Tonight I did some digging and found a quick fix!
The solution is pretty simple, and involves blocking a specific IP range associated with Verizon FIOS servers which are buffering YouTube traffic.  Since the IP may be different depending on your location, I’ll go through the simple steps to identify the IP to block and the associated OS X command to run to block it.

1. Open a terminal window and type “traceroute youtube.com”
2. Note the first IP address which shows up outside of your network.  It should be the one which doesn’t start with 192.x.x.x
On my network the offending IP is:
l100.<your area>-vfttp-<some number>.verizon-gni.net (  19.260 ms  20.116 ms  18.862 ms
Also, note any entries which end in “alter.net” as these are Verizon FIOS servers.
3. Test loading a high-def YouTube video.  Make sure to switch its resolution up to 1080p, and watch it buffer.
4. From the terminal window block the offending IP by running the following command
sudo ipfw add reject src-ip in
5. Confirm the IP is now blocked by running sudo ipfw list
Example output:
00100 reject ip from to any in
6. Refresh your browser by hitting F5 and reload the high def YouTube video.
Note, if this doesn’t work the blocked IP subnet can be removed using the following command:
sudo ipfw delete 00100
If this doesn’t work you can also try blocking the IPs found within this post.

NetApp – Calculate Maximum Number of inodes per Volume

NetApp volumes allow for inodes to be dynamically allocated/increased on volumes which are provisioned on an array.  This begs the question, what is the maximum inode count supported by a volume and how is the maximum number calculated?

inodes = files

“The maximum number of inodes is limited to one inode per one block in the filesystem. (which is 1 inode per every 4KB).  It is generally recommended to NOT go that low.”

TB (Volume) | GB      | MB        | KB
1.2         | 1,228.8 | 1,258,291 | 1,288,490,189

1,288,490,189KB / 4KB Blocks = 322,122,547 supported files / inodes per 1.2TB volume.

Credit where credit is due… https://communities.netapp.com/thread/2176

NetApp vFiler – Change IPSpace

NetApp virtual filers are handy for implementing multiple isolated environments which can have their own domain authentication and network isolation.  In order to completely isolate a vFiler from a physical filer's interfaces, separate dedicated interfaces must be assigned.  In the NetApp world interfaces are grouped based on IPSpaces.  For each IPSpace there can only be one default gateway.  By creating multiple IPSpaces you can isolate a vFiler's storage traffic and also allow for multiple default gateways.  The use of multiple default gateways removes the need for adding static routes to the physical filer and also precludes asymmetric routing issues from occurring.

Goal: Change the IPSpace of an existing vFiler without losing any of the existing configuration settings.

Note: You will need to recreate any local accounts previously created using the useradmin command.


Make a copy of the following files prior to attempting to change your vFiler's IPSpace.

  • \etc\rc
  • \etc\passwd
  • \etc\quotas
  • \etc\registry
  • \etc\hosts
  • \etc\exports (only if the filer serves NFS shares)
  • \etc\cifsconfig_share.cfg (only if the filer serves CIFS shares)
  • \etc\cifs_homedir.cfg (only if you use home directory mapping capability)

Active Directory Filer Association

  • \etc\cifssec.cfg
  • \etc\krb5.keytab
  • \etc\krb5auto.conf
  • \etc\lclgroups.cfg

Create the new VIF & IPSpace. Note that VIFs which use LACP will initially come up but show as broken until an IP address is bound to them.

brain dump in progress…