Setting all SQL Server databases to “simple” recovery model and deleting all the transaction logs

Sometimes, you just want things brutally simple and stupid. I was searching for how to do this, and stumbled upon this post on SQL Server Central.

Turns out the query listed there doesn’t handle databases with weird names, containing version numbers with “.” in them, for instance.

Thus, I modified it slightly, adding brackets and such, and came up with the following:

USE MASTER
DECLARE
@isql varchar(2000),
@dbname varchar(64),
@logfile varchar(128)
    
DECLARE c1 CURSOR FOR
    SELECT  d.name, mf.name as logfile--, physical_name AS current_file_location, size
    FROM sys.master_files mf
    INNER JOIN sys.databases d
    ON mf.database_id = d.database_id
    WHERE recovery_model_desc <> 'SIMPLE'
    AND d.name NOT IN ('master','model','msdb','tempdb') 
    AND mf.type_desc = 'LOG'
OPEN c1
FETCH NEXT FROM c1 INTO @dbname, @logfile
WHILE @@fetch_status <> -1
    BEGIN
    SELECT @isql = 'ALTER DATABASE [' + @dbname + '] SET RECOVERY SIMPLE'
    PRINT @isql
    --EXEC(@isql)
    SELECT @isql='USE [' + @dbname + '] checkpoint'
    PRINT @isql
    --EXEC(@isql)
    SELECT @isql='USE [' + @dbname + '] DBCC SHRINKFILE ([' + @logfile + '], 0)'
    PRINT @isql
    --EXEC(@isql)
    
    FETCH NEXT FROM c1 INTO @dbname, @logfile
    END
CLOSE c1
DEALLOCATE c1

NOTE: The “EXEC()” statements are commented out, so you can inspect what’s going to happen before adding them back in.

Debugging SQL Server Query Performance

To enable timing of your query:

SET STATISTICS TIME ON

Time statistics provides output like this in the “Messages” tab of SSMS after running a query:

(127 row(s) affected)

 SQL Server Execution Times:
   CPU time = 0 ms,  elapsed time = 42 ms.

To show IO statistics:

SET STATISTICS IO ON

..which provides stuff like this:

(74394 row(s) affected)
Table 'Audit'. Scan count 1, logical reads 284, physical reads 0, read-ahead reads 0, lob logical reads 0, lob physical reads 0, lob read-ahead reads 0.
Table 'Users'. Scan count 1, logical reads 27, physical reads 0, read-ahead reads 0, lob logical reads 0, lob physical reads 0, lob read-ahead reads 0.

This shows you things like logical and physical reads (memory vs. disk reads). As you can see, my current query runs entirely in memory, but we can change that…

To completely flush the disk cache, query cache, and whatever other cache and start with a clean slate

DBCC FREESYSTEMCACHE ('All')
DBCC FREESESSIONCACHE
DBCC FREEPROCCACHE
CHECKPOINT
DBCC DROPCLEANBUFFERS

Lastly, I’d like to point in the general direction of Erland Sommarskog‘s excellent article with a very long title:
Slow in the Application, Fast in SSMS? – Understanding Performance Mysteries” – archived here.

Happy debugging!

Force SQL Server Database offline

If you right click a database in SSMS and select Tasks => Take Offline, you might find yourself staring at this dialog for hours, if there are active sessions running queries on your database.

Offline

Here’s how to force it to go offline, rolling back any current transactions. Replace [dbname] with the name of your database.

USE master
GO
ALTER DATABASE [dbname]
SET OFFLINE WITH ROLLBACK IMMEDIATE
GO

To get it back online, you can do this

USE master
GO
ALTER DATABASE [dbname]
SET ONLINE
GO

Automatic Windows Logon on Domain Member Machins

On a Windows machine, you can normally use Start => Run => control userpasswords2 to enable automatic login for a given user when the system boots. On computers that are part of a domain, this is not the case. However, while the functionality is removed from the user interface when you join a domain, it is still available if you’re comfortable mucking about with the registry.

Using Regedit, go to “Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon“.

There are 4 keys you need to set to allow automatic logon:

  • AutoAdminLogon, REG_SZ => 1
  • DefaultDomainName, REG_SZ => YourDomainNameHere
  • DefaultPassword, REG_SZ => YourSecretPasswordInClearText
  • DefaultUserName, REG_SZ => YourUserName

Add or edit the keys to match your domain setup and reboot. Autologin should function as intended after this.

AutoLoginWindowsDomain

Fixing empty search results in the Windows 10 Settings (the shiny new Control Panel)

This happened on a few machines I am responsible for, after the upgrade to Windows 10.
You click “Start”, type “updates”, it suggests “Check for Updates” in the “Settings” app, you click <enter> and it opens an empty settings window with no search results. Great.

After looking around for a while, I stumbled over the fix, detailed by winaero.com and rchived here.

In short:

  1. Win+R
  2. %LocalAppData%\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalStatez
  3. Right click the directory called “Indexed”, go to Properties => Advanced
  4. Click “Allow files in this folder to have contents indexed in addition to file properties”
    If this option is already selected, de-select it, finish point 5, then go back through this list again to re-select it
  5. Click OK a few times, and agree to propagate the settings to subfolders and files

Hooray! Search works.

Working Search

W: [pulseaudio] authkey.c: Failed to open cookie file ‘/home/user/.config/pulse/cookie’: No such file or directory

W: [pulseaudio] authkey.c: Failed to open cookie file '/home/user/.config/pulse/cookie': No such file or directory
W: [pulseaudio] authkey.c: Failed to load authorization key '/home/user/.config/pulse/cookie': No such file or directory

I had this problem on an embedded box, with no X11, or even a screen. Turns out that at least some versions of Debian have an issue where not all programs agree on where the cookie file should be stored. Doing ls -la in my home directory revealed I had a ~/.pulse-cookie file, but I didn’t, as the warning message stated, have a ~/.config/pulse/cookie file.

I made this warning go away by symlinking where one program was looking for the cookie to where the cookie actually was.

mkdir -p ~/.config/pulse
cd ~/.config/pulse
ln -s ../../.pulse-cookie cookie

..and Bob’s your uncle. No more warnings.

Export certificates marked as not exportable in the Windows certificate manager

So, you need the private key for a certificate on Windows, for some innocent snooping around with Wireshark, but someone marked it as not exportable. Now what?

Cue Gentil Kiwi and his tool Mimikatz.

For future reference for myself, I’ve archived a copy of the source here, and the binaries here.

The following commands will extract the certificates from the local store:

crypto::capi
crypto::certificates /systemstore=CERT_SYSTEM_STORE_LOCAL_MACHINE /export

The password for the pfx files is “mimikatz” (no quotes).

To convert a pfx to a pem file, you can do something like this:

openssl pkcs12 -in CERT_SYSTEM_STORE_LOCAL_MACHINE_nicecert.pfx -out cert.pem -nodes

If it’s for use in Wireshark, you also need to add -nocerts:

openssl pkcs12 -in CERT_SYSTEM_STORE_LOCAL_MACHINE_nicecert.pfx -out cert.pem -nodes -nocerts

My tweaks to Kali Linux (note to self)

Here are some of the things I did to make Kali Linux 2016.1 suit my taste, mostly intended as a note to myself, but posted here in case it helps anyone else.

General checklist

  • Install aptitude and update everything
  • Add settings icon to left panel
  • Enable mouse tap to click in “Settings => Mouse & Touchpad”
  • Tweaks => Power => Don’t suspend on lid close
  • Enable sound, but disable alert sound (sonar)
  • Disable all power saving (“Power”)
  • Enable privacy settings, purge stuff after 7 days (“Privacy)
  • Tweaks => Extensions => Disable Easyscreencast
  • Settings => Keyboard => Input Sources => Remove superfluous keyboard layouts

Install fun stuff

apt-get -y install \
dconf-editor \
gnome-power-manager \
autossh \
vim \
screen \
iotop \
iftop \
virtualbox \
torbrowser-launcher \
aptitude

Automatically log in as root

Edit /etc/gdm3/daemon.conf

AutomaticLoginEnable = true
AutomaticLogin = root

Enable smartmontools

Edit /etc/default/smartmontools

start_smartd=yes

Shut down with power button

Note: shutdown option missing as of 2016-05-16

gsettings range org.gnome.settings-daemon.plugins.power power-button-action
gsettings set org.gnome.settings-daemon.plugins.power power-button-action 'shutdown'

Encrypted swap

For separate partitions, use the existing guide for Debian.
For swap files in encrypted filesystems, do this:

dd if=/dev/zero of=/.swap bs=1G count=16
chmod 600 /.swap
mkswap /.swap
swapon /.swap
echo "/.swap none swap sw 0 0" >>/etc/fstab

Disable auto-locking and that stupid slide screen

gsettings set org.gnome.desktop.session idle-delay

Install qemu and virt-manager

apt-get -y install qemu-kvm virt-manager
systemctl enable libvirtd.service

Set a custom default window manager (like xfce)

I now use the default environment, but it’s here in case anyone finds it interesting anyway

apt-cache search kali-desktop
apt-get -y install kali-desktop-xfce
update-alternatives --config x-window-manager
update-alternatives --config x-session-manager