5 January 2022

Reset password on locked-out Domain Admin

Sometimes things happen and a password gets forgotten or lost, or in the worst case it wasn’t updated in your password management tool after it was changed. We’ve likely all had to bug another admin to reset our password for one system or another. It happens. But what happens if you are the lone Domain Admin and lock yourself out? Luckily, there is a way to get back in if you do get locked out.

  • Download the Windows Server 2016 ISO.
  • Attach the ISO to your DC virtual machine.
  • Reboot the VM into the ISO
  • Select: Repair your Computer -> Troubleshoot -> Command Prompt
  • At the command prompt, run the following commands:
cd c:\Windows\System32
ren osk.exe osk.old
copy c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe osk.exe
  • Reboot the Server.
  • Launch the on-screen keyboard and PowerShell will open
  • At the Powershell prompt, run the following command, replacing <PASSWORD> with the password of your choice:
Net user Administrator <PASSWORD>
  • Revert file changes in your System32 folder, renaming ‘osk.old’ back to ‘osk.exe’.

And there you have it folks, you are now able to log back in with your Domain Admin account. This works because while the DC does not have a local Administrator account, it somehow realizes that and resets the Domain Admin. Yes it is a little bit of black magic fuckery in that regard… But it worked and got you back in, so who are we to complain.

30 December 2021

Open and Extract .tar files on Windows

What I’m about to say might be a surprise to you… But you don’t need to install any sort of 3rd party software (like 7zip or WinZip) to extract tarball files on WIndows. Windows 10 actually has the functionality built-in. I know, I was just as surprised to learn about it as you are. From the command line, you can use the “Tar” command to easily extract .tar, .gz, or tar.gz files.

For folks out there that don’t know;

  • A tarball file, ‘.tar’, is just a type of archived file. They are basically, a collection of files that have been merged into one single file.
  • Gzip files, ‘.gz’, are a type of compressed file and it is used to save on the amount of space that a file uses on the hard drive.
  • If you’re following along, then you’ll already have realized that a ‘.tar.gz’ file means that it is just a compressed archive file.

Here’s how to extract your tarball file in Windows 10.

Open the ‘Start Menu’ and search for “cmd”. Right-click on “Command Prompt” and select “Run as administrator“.

Enter the following command inside the window.

tar -xvzf "Path to file" -C "Path to destination"


tar -xvzf C:\Source\file.tar.gz -C C:\Destination\

This example will extract the contents of the ‘file.tar.gz’ file from the “C:\Source\” folder to the “C:\Destination\” folder. 
Note: Make sure the ‘-C’ parameter before the path to the destination is an uppercase.

The parameters explained:

  • x — instructs tar to extract the archived content.
  • v — verbose mode. This is optional to display the extraction process. Otherwise, you will only see a blinking cursor until the process is complete.
  • z — instructs tar to uncompress the content with gzip.
  • f — provides tar the name of the file you’re about to extract.
  • C — uppercase and with a hypen, this tells tar to change folders to the specified folder

26 November 2021

Nutanix services

Nutanix relies on the following services to run…

  • Acropolis
  • Genesis
  • Zookeeper
  • Zeus
  • Medusa
  • Cassandra
  • Stargate
  • Curator


An Acropolis follower runs on every CVM with an elected Acropolis leader. The Acropolis follower is responsible for statistic collection and publishing and provides VNC proxy capabilities. The Acropolis leader is responsible for stat collection and publishing, task scheduling and execution, VM placement and scheduling, network controller, and VMC proxy.


Genesis is a process that runs on each node and is responsible for any services interactions (start/stop/etc.) as well as for the initial configuration. Genesis is a process that runs independently of the cluster and does not require the cluster to be configured/running. The only requirement for Genesis to be running is that Zookeeper is up and running.


Zookeeper stores information about all cluster components (both hardware and software), including their IP addresses, capacities, and data replication rules, in the cluster configuration. Zookeeper has no dependencies, meaning that it can start without any other cluster components running.

Zookeeper is active on either three or five nodes, depending on the redundancy factor (number of data block copies) applied to the cluster. Zookeeper uses multiple nodes to prevent stale data from being returned to other components. An odd number provides a method for breaking ties if two nodes have different information. Of these nodes, Zookeeper elects one node as the leader. The leader receives all requests for information and confers with its follower nodes. If the leader stops responding, a new leader is elected automatically.


Zeus is an interface to access the information stored within Zookeeper and is the Nutanix library that all other components use to access the cluster configuration.

A key element of a distributed system is a method for all nodes to store and update the cluster’s configuration. This configuration includes details about the physical components in the cluster, such as hosts and disks, and logical components, like storage containers.


Distributed systems that store data for other systems (for example, a hypervisor that hosts virtual machines) must have a way to keep track of where that data is. In the case of a Nutanix cluster, it is also important to track where the replicas of that data are stored.

Medusa is a Nutanix abstraction layer that sits in front of the database that holds metadata. The database is distributed in a ring topology across multiple nodes in the cluster for resiliency, using a modified form of Apache Cassandra.


Nutanix’s implementation of Cassandra uses a version of Apache Cassandra that has been modified for high performance and automatic, on-demand scaling. Cassandra stores all metadata about the guest VM data in a Nutanix storage container.

Cassandra runs on all nodes of the cluster. Cassandra monitor Level-2 periodically sends a heartbeat to the daemon, which includes information about the load, schema, and health of all the nodes in the ring. Cassandra monitor L2 depends on Zeus/Zk for this information.


A distributed system that presents storage to other systems (such as a hypervisor) needs a unified component for receiving and processing data that it receives. The Nutanix cluster has a software component called Stargate that manages this responsibility.

All read and write requests are sent across an internal vSwitch to the Stargate process running on that node. Stargate depends on Medusa to gather metadata and Zeus to gather cluster configuration data. From the perspective of the hypervisor, Stargate is the main point of contact for the Nutanix cluster.


A Curator leader node periodically scans the metadata database and identifies cleanup and optimization tasks that Stargate should perform. Curator shares analyzed metadata across other Curator nodes. The Curator depends on Zeus to learn which nodes are available, and Medusa to gather metadata. Based on that analysis, it sends commands to Stargate.

Source: Nutanix University’s Enterprise Cloud Administration training

Category: Nutanix | LEAVE A COMMENT
13 November 2021

Adding a wildcard SSL certificate to your WordPress site

So this one threw me for a little bit of a loop when I was first trying to figure it out, even though it shouldn’t have. I was just overthinking it. There was plenty of documentation out there for adding a certificate to a single site, but there is not much when it comes to adding a wildcard certificate to a multi-site WordPress install. I guess that was where I had gotten confused. For reference, this was the specific KB article that helped me the most.

For folks that don’t know what I’m talking about, a multi-site install is one where you can host different WordPress sites on the same server. Meaning that site1.<yoursite>.com and site2 .<yoursite>.com could both reside on the same server even if they are about completely different content. Thus you would only have to cover the cost to host one server, instead of paying for two, one for each host. Yes, they do share some resources, so there are some possible drawbacks… But for most personal sites it should not really be an issue for a few sites to share the same host.

You will need OpenSSL installed on your machine before we continue. It’ll likely already be installed if you are using LInux. If it’s not installed please use your OS’s package manager to install it.

Generate a new private key:

sudo openssl genrsa -out /opt/bitnami/apache2/conf/server.key 2048

Use that key to create a certificate:
***IMPORTANT: Enter the server domain name when the below command asks for the “Common Name”.***

sudo openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr

Send the cert.csr file to your Certificate Authority (CA). After they complete their validation checks, they will issue you your new certificate.

Download your certificates. You should have received two files, one was your new certificate and the other file is the CA’s certificate. Rename them as follows:

  • STAR_YourSite_com.crt –> server.crt
  • STAR_YourSite_com.ca-bundle –> server-ca.crt

Backup your private key after generating a password-protected version in the pem format.

sudo openssl rsa -des3 -in /opt/bitnami/apache2/conf/server.key -out privkey.pem

Note: To regenerate the key and remove the password protection, you can use this command:

sudo openssl rsa -in privkey.pem -out /opt/bitnami/apache2/conf/server.key

We’re almost done. Next you’ll open the Apache configuration file to verify it’s setup to use the certificates you just uploaded. The config file can be found at: /opt/bitnami/apache2/conf/bitnami/

Scroll down until you find “<VirtualHost _default_:443>” and verify that it is pointing to the correct certificate, key, and CA certificate bundle that you uploaded earlier. You should find the below lines, if you don’t, go ahead and add them.

SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
SSLCACertificateFile "/opt/bitnami/apache2/conf/server-ca.crt"

Note: It’s easiest to use these default names and not a custom name for these files. If you use a custom name you might need to update that name in other spots of the Apache config file, and you’ll have to google that on your own. If your cert/key is using another name, I recommend just renaming them to the default names above that Apache uses.

After we have copied our files over and have verified that the Apache config file is correct, we are going to update the file persmissions on our certificate files. We will make them readable by the root user only with the following commands:

sudo chown root:root /opt/bitnami/apache2/conf/server*
sudo chmod 600 /opt/bitnami/apache2/conf/server*

Open port 443 in the server firewall. If you’re using Bitnami you can reference this KB.

Restart your server.

Once it comes up, you should now be able to connect to your site using HTTPS.

  • If you are looking for where to purchase an SSL certificate, check out SSLs.com. I use them for my projects. I’ve shopped around, and they have the best deals that I have found anywhere on the Internet.
1 November 2021

Nutanix Cheatsheet

Hopefully, this helps you as much as it helps me. This is by no means a comprehensive list. It’s just a place for me to jot down the various commands I use as I get to know Nutanix more intimately.

Run all NCC Health Checks

ncc health_checks run_all

Shutdown CVM

cvm_shutdown -P now

Check status of CVM metadata ring, see if all CVMs are ‘UP’

nodetool -h 0 ring

Check Cluster Status on CVM

Cluster status

Check if CVM processes are in UP state

cluster status | grep -v UP

Start cluster

Cluster start

Restart prism on CVM

genesis restart

Prism/CVM Status

genesis status

Check if CVM is in Maintenance Mode
Note: Only the Scavenger, Genesis, and Zeus processes must be running (process ID is displayed next to the process name).

genesis status | grep -v "\[\]"

Cluster/Host Hardware Info (RAM, DIMMs, CPUs, etc…) from CVM

ncc hardware_info show_hardware_info

Migrate VM to a different storage container (AOS >= 5.19)

acli vm.update_container vm-name container=target-container wait=false

Change AHV host name (AOS >= 5.20)

change_ahv_hostname --host_ip=HOST_IP --host_name=NEW-AHV-HOSTNAME

Get all CVM IPs within the cluster


Get all Host IPs within the cluster


Get all IPMI IPs within the cluster


Get Cluster Info

ncli cluster info

Get all Hosts Info

acli host.info
ncli host ls

Verify the state of Host
-Entered Maintenace: node_state equals to kEnteredMaintenanceMode and schedulable equals to False.
-Exited Maintenace: node_state equals to kAcropolisNormal and schedulable equals to True.

acli host.get host-ip

Put a CVM in maintenance mode

ncli host edit id=HOST_ID enable-maintenance-mode=true

Exit a CVM from maintenance mode

ncli host edit id=HOST_ID enable-maintenance-mode=false

Put an AHV host in maintenance mode
Note: “wait=true” allows the host to migrate VMs to other hosts before it enters maintenance mode.

acli host.enter_maintenance_mode HOST_IP wait=true

Exit an AHV host from maintenance mode

acli host.exit_maintenance_mode HOST_IP

Check AOS version on all CVMs

allssh 'cat /etc/nutanix/release_version'

Check AHV version on all nodes

hostssh 'cat /etc/nutanix-release'

List all VMs on a cluster

acli vm.list

List all VMs on a host

acli host.list_vms host

List VMs in a powered ON state

acli vm.list power_state=on

List VMs in a powered OFF state

acli vm.list power_state=off

Power off all VMs running on the cluster

for vm_name in `acli vm.list power_state=on | grep -v ^'VM
name' | awk '{print $1}'`; do acli vm.force_off $vm_name; done

Power on all VMs running on the cluster

for vm_name in `acli vm.list power_state=off | grep -v ^'VM
name' | awk '{print $1}'`; do acli vm.on $vm_name; done
Category: Nutanix | LEAVE A COMMENT
15 October 2021

Dell iDRAC RED007

So I was updating the iDRAC (version 8) firmware on some servers, and I kept getting stuck on an error. You’re supposed to be able to upload a new firmware’s .exe file and the iDRAC can do its thing to extract the firmware image and update itself… Well, that simply wasn’t working for me. The error I kept seeing was:

RED007: Unable to verify Update Package signature

I of course consulted Google to see what it knew, and it didn’t disappoint. The common reason for this error is that the iDRAC module isn’t aware of the certificates used to sign the ‘new’ firmware you’re trying to apply. (This happens after firmware versions 2.40.x from what my googling would tell me.) The recommended workaround for this is to incrementally step up each firmware version until you get to the newest firmware. As you should, fingers crossed, have the signature certs loaded from each incremental load.

I headed over to the Dell website and downloaded all of the incremental firmware releases that I was missing and tried to try applying them in incremental order. Well, crap…. that didn’t work for me.

After a bit more googling, I found a KB post that talked about extracting the firmware’s .img file from the .exe. Let us try that…

I was able to launch 7zip and then use that to view one of the .exe files I had downloaded from the Dell website. Low and behold, sitting there was a “firmimg.d7” file. I extracted that .d7 file, and attempted to load it into my iDRAC, then attempted to install it…

What do you know… I found that I was able to successfully upload and install that “firmimg.d7” to my iDRAC modules with no issues. That solved that issue!

6 August 2021

Nutanix password change

If you leave the default passwords on your Nutanix cluster you’ll start to see alerts in Prism that the default password is still in use. It will alert you about it for both the CVM and the physical hosts. This alert is very easy to clear by just updating the password. Here’s how…

To run just the default password health check from your CVM you can use the following command:

nutanix@cvm$ ncc health_checks system_checks default_password_check

Or you can also run the complete set of NCC health checks:

nutanix@cvm$ ncc health_checks run_all

If the health check passes, you’ll see this line in the output:

/health_checks/system_checks/default_password_check              [ PASS ]

If the health check fails you’ll see this in the output and it will tell you which host(s) alerted:

/health_checks/system_checks/default_password_check              [ INFO ]
Detailed information for default_password_check:
Node x.x.x.x:

Nutanix Controller VM (CVM) password change

Running this command will prompt you for your new desired password for the ‘nutanix’ user on the CVM:
nutanix@cvm$ sudo passwd nutanix

Once you change the CVM’s password it will replicate to all of the CVMs in your cluster, thus changing the password on all of your CVMs at once.

Hypervisor password change

  • AHV
    To change the local “admin” account password for all AHV hypervisors in the Nutanix cluster, you can run this command from any CVM in the cluster.
    nutanix@cvm$ echo -e "CHANGING ALL AHV HOST ADMIN PASSWORDS. Note - This script cannot be used for passwords that contain special characters ( $ \ { } ^ &)\nPlease input new password: "; read -s password1; echo "Confirm new password: "; read -s password2; if [ "$password1" == "$password2" ] && [[ ! "$password1" =~ [\{\$\^}\&] ]]; then hostssh "echo -e \"admin:${password1}\" | chpasswd"; else echo "The passwords do not match or contain invalid characters (\ $ { } ^ &)"; fi
    To change the local “nutanix” account password for all AHV hypervisors in the Nutanix cluster, you can run this command from any CVM in the cluster.
    nutanix@cvm$ echo -e "CHANGING ALL AHV HOST NUTANIX PASSWORDS. Note - This script cannot be used for passwords that contain special characters ( $ \ { } ^ &)\nPlease input new password: "; read -s password1; echo "Confirm new password: "; read -s password2; if [ "$password1" == "$password2" ] && [[ ! "$password1" =~ [\{\$\^}\&] ]]; then hostssh "echo -e \"nutanix:${password1}\" | chpasswd"; else echo "The passwords do not match or contain invalid characters (\ $ { } ^ &)"; fi

  • VMware ESXi 
    To change the local root password for all ESXi hosts in the cluster, you can run this command from any CVM in the cluster.
    nutanix@cvm$ echo -e "CHANGING ALL ESXi HOST PASSWORDS. Note - This script cannot be used for passwords that contain special characters ( $ \ { }  ^ &)\nPlease input new password: "; read -s password1; echo "Confirm new password: "; read -s password2; if [ "$password1" == "$password2" ] && [[ ! "$password1" =~ [\\\{\$\^\}\&] ]]; then hostssh "echo -e \"${password1}\" | passwd root --stdin"; else echo "The passwords do not match or contain invalid characters (\ $ { } ^ &)"; fi

  • Microsoft Hyper-V 
    To change the local administrator password for all Hyper-V hosts in the cluster, you can run this command from any CVM in the cluster.
    nutanix@cvm$ echo -e "CHANGING ALL HYPER-V HOST PASSWORDS. Note - This script cannot be used for passwords that contain special characters ( $ \ { }  ^)\nPlease input new password: "; read -s password1; echo "Confirm new password: "; read -s password2; if [ "$password1" == "$password2" ] && [[ ! "$password1" =~ [\ \"\'\\\{\$\^\}] ]]; then hostssh "net user administrator $password1"; echo "Updating Host and ManagementServer Entries..."; ncli host ls | grep -i id | grep -Eo "::[0-9]*" | cut -c 3- | while read hID; do ncli host edit id=$hID hypervisor-password=$password1;done  > /dev/null; ncli host ls | grep "Hypervisor Address" | awk '{print $4}' | while read hIP; do ncli managementserver edit name=$hIP password=$password1;done > /dev/null;  else echo "The passwords do not match or contain invalid characters (\ $ { } ^)"; fi

Further info can be found in the following Nutanix KB.

Category: Nutanix | LEAVE A COMMENT
3 August 2021

Restart Prism

You might have some problems with your Nutanix Prism someday and need to restart the Prism service without restarting your CVM or host or anything else. Whether it is super slow page loads, overall delay in the WebGUI, or some other problem. Thankfully you can safely restart the Prism service in a way that won’t have an impact your production environment.

SSH into any of your CVMs and run the line below.

curl http://0:2019/prism/leader && echo

It will reply back with the response of either {"leader":"x.x.x.x:9080","is_local":true} if it is the Prism leader or {"leader":"x.x.x.x:9080","is_local":false} if it is not the Prism leader. If it is not the leader, you will be able to see the IP address of the CVM you will need to connect to returned.

Now that you have SSHed into the Prism leader, you can run the command below to stop the service.

genesis stop prism

To re-start the Prism service, simply use this command.

cluster start

Your Prism is back up and running. Something to note is that the Prism leader may now be a different CVM, it does have to start up on the same CVM as before the restart. If you want to check which CVM is now residing as the leader, you can re-run the first command I mentioned and see what returns from the curl command.

Another handy command to know for just restarting the Genesis service is:

genesis restart
Category: Nutanix | LEAVE A COMMENT
9 June 2021

SCCM Client Actions

If you use SCCM or have ever had to mess with Configuration Manager on a computer that runs Software Center, then you have seen all of the client actions that you can run. That said, like most of us when we started using SCCM or Configuration Manager we knew we had to run some/all of the actions to make the changes we made in SCCM reflect on the computer we were trying to push something to. After a while, you start to realize that you can get by running just one or two actions instead of all of them. But, using myself as an example, aside from knowing you needed to run them you likely didn’t know what they actually did. For me, it was always something that I was going to “Google” later and figure out what they did at some future time. Well, I recently reached that future point-in-time and thought I’d share the collection (SCCM pun intended) of answers that I found. Hopeful what I’ve complied helps out someone else that finally decided to search about it…

  • Application Deployment Evaluation Cycle – This action re-evaluates the requirement rules for all deployments. If an application is required, and not installed when the Application Deployment Evaluation Cycle runs, Configuration Manager automatically triggers a re-install. The Application Deployment Evaluation Cycle only applies to applications and not to the packages. The default value is set to run every 7 days.
  • Branch Distribution Point Maintenance Task – Verifies any pre-staged packages and downloads any that do not exist on the branch distribution point. While Technet does not explicitly state it, I believe this task is useful only on branch distribution points and is ignored on normal clients.
  • Discovery Data Collection Cycle – This causes the client to generate a new discovery data record (DDR). When the DDR is processed by the site server, Discovery Data Manager adds or updates resource information from the DDR in the site database.
  • File Collection Cycle – When a file is specified for collection, the Microsoft System Center Configuration Manager 2007 software inventory agent searches for that file when it runs a software inventory scan on each client in the site. If the software inventory client agent finds a file that should be collected, the file is attached to the inventory file and sent to the site server. This action differs from software inventory in that it actually sends the file to the site server so that it can be later viewed using Resource Explorer. This is a part of SCCM inventory functionality.
  • Hardware Inventory Cycle – Collects information such as available disk space, processor type, and the operating system about each computer. This is a part of SCCM inventory functionality.
  • Machine Policy Retrieval & Evaluation Cycle – The client downloads its policy on a schedule. By default, this value is configured to every 60 minutes and is configured with the option Policy polling interval (minutes). However, there might be occasions when you want to initiate ad-hoc policy retrieval from the client—for example, in a troubleshooting scenario or when testing. This action initiates ad-hoc machine policy retrieval from the client outside its scheduled polling interval.
  • Send Unsent State Messages – This tool sends State Messages that are cached on the ConfigMgr client to the ConfigMgr server.
  • Software Inventory Cycle – Collects software inventory data directly from files (such as .exe files) by inventorying the file header information. Configuration Manager 2007 can also inventory unknown files — files that do not have detailed information in their file headers. This provides a flexible, easy-to-maintain software inventory method. You can also have Configuration Manager 2007 collect copies of files that you specify. Software inventory and collected file information for a client can be viewed using Resource Explorer. This is a part of SCCM inventory functionality.
  • Software Metering Usage Report Cycle – Collects the data that allows you to monitor and client software usage.
  • Software Updates Deployment Evaluation Cycle – Initiates a scan for software updates compliance. Before client computers can scan for software update compliance, the software updates environment must be configured.
  • Software Updates Scan Cycle – Just after a software update installation completes, a scan is initiated to verify that the update is no longer required and to create a new state message that indicates the update has been installed. When the installation has finished but a restart is necessary, the state will indicate that the client computer is pending a restart.
  • State Message Cache Cleanup – This tool clears State Messages that are cached on the ConfigMgr client.
  • User Policy Retrieval & Evaluation Cycle – Similar to Machine Policy Retrieval & Evaluation Cycle, but this action initiates ad-hoc user policy retrieval from the client outside its scheduled polling interval.
  • Windows Installer Source List Update Cycle – Causes the Product Source Update Manager to complete a full update cycle. When you install an application using Windows Installer, those Windows Installer applications try to return to the path they were installed from when they need to install new components, repair the application, or update the application. This location is called the Windows Installer source location. Windows Installer Source Location Manager can automatically search Configuration Manager 2007 distribution points for the source files, even if the application was not originally installed from a distribution point.

For anyone interested, the descriptions above are not my own. I’ve copied them from here and here.

18 May 2021

Home WiFi QR code

So I happened across an article the other day which described how to do something that I thought was kind of cool. It walked you through how to create a QR code so that visitors to your house (or business) could simply use the camera in their smart phone to quickly and easily access your guest WiFi network. Yes, it may, be nerdy… But it’s still cool. Here’s how you can do it too!

The greatness of this solution is that scanning the QR code will basically work from any iOS or Android device. However, since I only have Apple mobile devices, I can only show you how easily it is done on an iPhone.

Make the QR code

Get the ‘shortcut’ by clicking this link: https://www.icloud.com/shortcuts/796cd8de4e344ac6a5b6495a8a2fa333
(shortcut originally created by Stephen Robles for AppleInsider).

It will open the ‘Shortcuts’ app on your phone and display all the steps that will happen once you run the shortcut. Scroll all the way to the bottom of the screen and click the red button that is labeled “Add Untrusted Shortcut”. It will now get added to your “My Shortcuts”.

At the bottom of your screen tap on “My Shortcuts”. Run the shortcut called “Generate Wi-Fi QR”.
It will prompt you for a Wi-Fi network/SSID name, and it asks if you want to use the Wi-Fi network you are connected to, or it will let you specify another network and type it in. The next step will prompt you to enter the Wi-Fi password.

Once you hit ‘Done’, it will generate a QR code for you. Tap the icon in the upper right corner to save the QR code as an image.

Display & Connect

You now have an image that looks like this…

Print the image out and post it on your wall at home (or work).

When friends come over they can scan your QR code and connect seamlessly, without you ever having to do anything other than point a finger towards whereever you hang your QR code image.