DISM /Online /Set-Edition:ServerStandard /ProductKey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx /AcceptEula
Load MS Exchange Powershell snapin
Open regular POwershell and run:
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
How to enable NETBIOS on Fortigate VPN
From the console:
config system interface
edit wan1
set netbios-forward enable
end
How to disable antimalware on Exchange 2016
To disable malware filtering on the local Mailbox server, run this command in the Exchange Management Shell:
& $env:ExchangeInstallPath\Scripts\Disable-AntimalwareScanning.ps1
To enable malware filtering on the local Mailbox server, run this command in the Exchange Management Shell:
& $env:ExchangeInstallPath\Scripts\Enable-AntimalwareScanning.ps1
If the command was successful, you see this message:
Anti-malware scanning is successfully
Note: The enable script also applies malware engine and definition updates as needed.
Restart the Exchange Transport service by running this command, which will temporarily interrupt mail flow on the server:
Restart-Service MSExchangeTransport
The change might take up to 10 minutes to take effect.
How To Know Which Process is Using a File or Folder in Windows
Resource Monitor
For Windows 7 and above, you can use the built-in Resource Monitor.
Open Resource Monitor, which can be found
- By searching for resmon.exe in the start menu, or
- As a button on the Performance tab in your Task Manager
From CPU tab, use the search field in the Associated Handles section
When you’ve found the handle, you can identify the process by looking at the Image and/or PID column. You can then close the application if you are able to do that, or just right-click the row and you’ll get the option of killing the process (End Process) right there.
Kill a process using PowerShell
Open PowerShell. If required, run it as Administrator.
Type the command Get-Process to see the list of running processes
To kill a process by its name, execute the following cmdlet: Stop-Process -Name “ProcessName” -Force
To kill a process by its PID, run the command: Stop-Process -ID PID -Force
Windows Server 2019 Activation from Evaluation
Activate and change the edition with the command on Power Shell:
DISM /online /Set-Edition:ServerStandard /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula
Enable the Password Reset Option in Exchange Server 2016
The easiest way to change the password of a user’s Microsoft Exchange mailbox is to use the Active Directory User and Computer (ADUC) console. You can also reset the password from the Exchange Admin Center, but this option is disabled by default. This article describes how to enable the password reset option in the Exchange Admin Center in Microsoft Exchange Server 2016.
1. Log in to exchange server with your admin credentials.
2. Open PowerShell with administrative privileges and execute the following three commands.
Add-pssnapin microsoft*
Install-CannedRbacRoles
Install-CannedRbacRoleAssignments
3. Log in to the Exchange Admin Center and click on Permissions.
Right-click ‘Organization Management’ and then click Edit.
Click the ‘+’ sign on the roles section. Select ‘Reset Password’ and then click Add. Click OK and then click Save.
4. Log out from the Exchange Admin Center.
5. When you log in again to the Exchange Admin Center and open any existing user mailbox properties, you should see the reset password option.
How to stop a Windows Backup job
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\Administrator.LOCAL>wbadmin stop job
wbadmin 1.0 – Backup command-line tool
(C) Copyright 2013 Microsoft Corporation. All rights reserved.
Are you sure you want to stop the current operation?
[Y] Yes [N] No y
The backup operation ended before completing.
C:\Users\Administrator.LOCAL>
YumRepo Error: All mirror URLs are not using ftp, http[s] or file
In Centos 6
Be sure that you can ping vault.centos.org.
Then edit /etc/yum.repos.d/CentOS-Base.repo
Comment out mirrorlist and uncomment baseurl
Change all
baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
to
baseurl=http://vault.centos.org/$releasever/centosplus/$basearch/You’ll need an app to run Microsoft Edge
Go here and download and install Edge.
https://www.microsoft.com/en-us/edge/business/download
Exchange 2010/2013/2016: Starting Exchange Services with a simple command
As an Exchange Admin, you might be looking after 1 server or several hundred.
Sometime after a reboot you might notice that some of the services don’t start. It is a daunting task to go manually start them all 1 at a time.
A simple way is to run the following command from an elevated PowerShell Window:
- Get-Service *Exchange* | Start-Service
Some services like the Transport and Unified Messaging Services take a bit longer to start but the window will echo the starting of all services.
Seize Active Directory Roles
Select Start > Run, type ntdsutil in the Open box, and then select OK.
C:\Users\administrator>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server adserver2
Binding to adserver2 …
Connected to adserver2 using credentials of locally logged on user.
server connections: quit
fsmo maintenance: Transfer schema master
Server “adserver2” knows about 5 roles
Schema – CN=NTDS Settings,CN=ADSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=temp,DC=local
Naming Master – CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=temp,DC=local
PDC – CN=NTDS Settings,CN=BDSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=temp,DC=local
RID – CN=NTDS Settings,CN=BDSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=temp,DC=local
Infrastructure – CN=NTDS Settings,CN=BDSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=temp,DC=local
fsmo maintenance: quit
ntdsutil: quit
Port forward on Mikrotik Router
Port Forwarding to Internal Web Server
According to the network diagram, there is a Web Server (IP: 192.168.10.10) in internal network and now it is only accessible from internal network. Configuring MikroTik Port Forwarding, this Web Server can be accessible from out of this internal network and the following steps will show how to configure MikroTik Port Forwarding to access this internal Web Server from internet/public area.
- Login to MikroTik Router using Winbox with admin privilege credential.
- Go to IP > Firewall menu item and click on NAT tab and then click on PLUS SIGN (+). New NAT Rule window will appear.
- In General tab, choose dstnat from Chain dropdown menu. Put MikroTik WAN IP (117.58.—.198) in Dst. Address input field and choose tcp from Protocol dropdown menu and then put 80 in Dst Port input field because we know Web Server works on TCP port 80.
- Click on Action tab and choose dst-nat option from Action dropdown menu. Put Web Server IP (192.168.10.10) in To Addresses input field and then put 80 in To Ports input field.
- Click Apply and OK button.
Remotely update Ubiquiti AP
SSH to the device. You can get the IP addres from the controller screen. The default username/password is ubnt/ubnt.
upgrade https://dl.ui.com/unifi/firmware/U7PG2/4.3.21.11325/BZ.qca956x.v4.3.21.11325.200922.1139.bin
You can get the latest firmware from https://www.ui.com/download/
Remote Desktop (RDP) shortcut keys
| Shortcut key | Description |
| CTRL+ALT+HOME | Activates the connection bar. |
CTRL+ALT+BREAK or one of these shortcuts:
|
Switches the client between full-screen mode and window mode. If these shortcuts don’t work, or the keys aren’t available, you can try the following alternative:
|
| CTRL+ALT+END | Brings up the Windows Security dialog box for the Remote Desktop Session Host (RD Session Host) (provides the same functionality as pressing CTRL+ALT+DEL on the local computer). |
The following table describes the standard Windows shortcut keys and their equivalent Remote Desktop shortcuts that are different. (For example, Ctrl+Z is generally the ‘Undo’ shortcut on both standard Windows and Remote Desktop.)
| Table 2 | ||
| Windows shortcut | Remote Desktop shortcut | Description |
| ALT+TAB | ALT+PAGE UP | Switches between programs from left to right. |
| ALT+SHIFT+TAB | ALT+PAGE DOWN | Switches between programs from right to left. |
| ALT+INSERT | Cycles through the programs in the order they were started. | |
| Windows key or CTRL+ESC |
ALT+HOME | Displays the Start menu. |
| ALT+SPACE BAR | ALT+DELETE | Displays the system menu. |
| ALT+PRINT SCREEN | CTRL+ALT+MINUS SIGN (-) | Places a snapshot of the active window, within the client, on the clipboard. |
| PRINT SCREEN | CTRL+ALT+PLUS SIGN (+) | Places a snapshot of the entire client windows area on the clipboard . |
Who is logged on to Windows RDP?
Open a command prompt and execute: query user /server:server-a
Set time on Windows AD Server to NTP
Configure the NTP Server on Windows Server 2008, 2012, 2016 or 2019
On your Windows Server hit the Windows Button and type:
PowerShell and right-click it and select Run as Administrator
Type the following commands
w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL
Stop-Service w32time
Start-Service w32time
Of course, you can take any NTP Server that you want. Now verify if the time-server was set correctly on your Server by typing: w32tm /query /status
Windows backup drive is full
Windows does not manage backup space well. To manage the retained backups and not fill up the disk, run the following command from an elevated command prompt:
WBADMIN DELETE BACKUP -backuptarget:F: -keepVersions:30
**************************************
To get the versions:
WBADMIN get versions
**************************************
To delete the oldest backup version:
WBADMIN DELETE BACKUP -deleteoldest
Robocopy makes folders disappear
Robocopy may set the new directory to hidden, as that it copies the system attribute of the root folder of the drive over to the new folder. You can prevent the new directory from becoming hidden by adding the /A-:SH option/flag/switch to your robocopy command.
Remove Windows 10 Bloatware
Get-AppxPackage -name “Microsoft.ZuneMusic” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.Music.Preview” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.XboxGameCallableUI” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.XboxIdentityProvider” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.BingTravel” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.BingHealthAndFitness” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.BingFoodAndDrink” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.People” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.BingFinance” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.3DBuilder” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.WindowsCalculator” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.BingNews” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.XboxApp” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.BingSports” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.WindowsCamera” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.Getstarted” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.Office.OneNote” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.WindowsMaps” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.MicrosoftSolitaireCollection” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.MicrosoftOfficeHub” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.BingWeather” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.BioEnrollment” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.WindowsStore” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.Windows.Photos” | Remove-AppxPackage
Get-AppxPackage -name “Microsoft.WindowsPhone” | Remove-AppxPackage
Move files before date with Robocopy
ROBOCOPY “E:\data” “\\testserver\data” /MOVE /E /MINLAD:20170101 /CREATE /R:1 /W:1 /TEE /V /LOG+:data.log
/MINLAD:20170101 – will move files accessed before 01/01/2017.
Test SQL connectivity remotely easy!
Have you ever been troubleshooting a problem with remote SQL Iproxy MP, remote DB, etc) and wanted to test to see if the local system account (or any account for that matter) could make a remote connection to SQL but you didn’t want to install the SQL tools just to make that test? Seems there is a file type – UDL file – that you can simply create that will bring up a window to allow testing of remote connections to SQL.
Just go anywhere on your system and create an empty text file named anything but instead of txt make sure the extension is UDL. Then, double-click on the file and up pops a SQL connectivity window to allow testing of remote SQL connections.
Install LAMP on CentOS 7
Before we install the LAMP stack, it’s a good idea to run the following command to update repository and software packages.
yum update
Enter the following command to install Apache Web server. The httpd-tools package will install some useful utilities like Apache HTTP server benchmarking tool (ab).
yum install httpd httpd-tools
After it’s installed, we can start Apache with this command:
systemctl start httpd
Enable Apache to auto start at system boot time by running the following command.
systemctl enable httpd
Now check its status.
systemctl status httpd
Check Apache version.
httpd -v ************************************************************** By default, CentOS 8/RHEL 8 forbids public access to port 80. To allow other computers to access the web page, we need to open port 80 in firewalld, the dynamic firewall manager on RHEL/CentOS. Run the following command to open port 80.
firewall-cmd --permanent --zone=public --add-service=http
If you want to enable HTTPS on Apache later, then you also need to open port 443.
firewall-cmd --permanent --zone=public --add-service=https
The --permanent option will make this firewall rule persistent across system reboots. Next, reload the firewall daemon for the change to take effect.
systemctl reload firewalld
Now the Apache web page is accessible publicly.
Finally, we need to make user apache as the owner of web directory. By default it’s owned by the root user.
chown apache:apache /var/www/html -R
**************************************************************
MariaDB is a drop-in replacement for MySQL. It is developed by former members of MySQL team who are concerned that Oracle might turn MySQL into a closed-source product. Enter the following command to install MariaDB on CentOS 8/RHEL 8.
yum install mariadb-server mariadb -y
After it’s installed, we need to start it.
systemctl start mariadb
Enable auto start at system boot time.
systemctl enable mariadb
Check status:
systemctl status mariadb
Now we need to run the security script.
mysql_secure_installation
When it asks you to enter MariaDB root password, press Enter key as the root password isn’t set yet. Then enter y to set the root password for MariaDB server.
How to Install LAMP Stack on CentOS 8/RHEL 8 – LinuxBabe
Next, you can press Enter to answer all remaining questions, which will remove anonymous user, disable remote root login and remove test database. This step is a basic requirement for MariaDB database security. (Note that the letter Y is capitalized, which means it’s the default answer.)
How to Install LAMP Stack on CentOS 8/RHEL 8 – LinuxBabe
Now you can run the following command and enter MariaDB root password to log into MariaDB shell.
mysql -u root -p **************************************************************
Install PHP and some common modules using the following command.
yum install php php-fpm php-mysqlnd php-opcache php-gd php-xml php-mbstring -y
Apache web server on CentOS 7 by default uses PHP-FPM instead of mod_php to run PHP code, so in the above command we also installed php-fpm. After it’s installed, we need to start it.
systemctl start php-fpm
Enable auto start at system boot time.
systemctl enable php-fpm
Check status:
systemctl status php-fpm
“Enabled” indicates that auto start at boot time is enabled and we can see that PHP-FPM is running. The php-fpm package installs a php.conf file in /etc/httpd/conf.d/ directory, so we need to restart Apache web server, in order to run PHP code.
systemctl restart httpd
We also need to run the following command to tell SELinux to allow Apache to execute PHP code via PHP-FPM.
setsebool -P httpd_execmem 1 Now upgrade to PHP 7 PHP 7.3 is available for CentOS 7 and Fedora distributions from the Remi repository. Add it to your system by running
sudo yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm sudo yum -y install epel-release yum-utils
By default, the enabled repository is for PHP 5.4. Disable this repo and enable on for PHP 7.3
sudo yum-config-manager --disable remi-php54 sudo yum-config-manager --enable remi-php73
Once the repo has been enabled, install php 7.3 on CentOS 7 or Fedora using the command
sudo yum -y install php php-cli php-fpm php-mysqlnd php-zip php-devel php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json
Check version installed
$ php -v
************************************************************** Install and setup VSFTP Install vsftpd Then install vsftpd and any required packages: yum -y install vsftpd Configure vsftpd Now let’s edit the configuration file for vsftpd. Open the file with the following command: vim /etc/vsftpd/vsftpd.conf Disallow anonymous logins; this allows unidentified users to access files via FTP. Ensure that the anonymous_enable setting to NO: anonymous_enable=NO Enable local users to login, this will allow your regular user accounts to function as FTP accounts. Change the local_enable setting to YES: local_enable=YES write_enable=YES chroot_local_user=YES Exit and save the file with the command `:wq`, or with `:x`. Restart and Enable the vsftpd service: systemctl restart vsftpd Then set the vsftpd service to start at boot: systemctl enable vsftpd Allow vsftpd Through the Firewall firewall-cmd --permanent --add-port=21/tcp And reload the firewall: firewall-cmd --reload Change permissions on the users home folder: chmod a-w /home/.sites/
Convert CentOS from VMWare to Hyper-V
# CentOS 6 regenerate initramfs for Hyper-V
mkinitrd -f -v --with=hid-base-hv --with=hid-hyperv --with=hv_utils --with=hv_vmbus --with=hv_storvsc --with=hv_netvsc /boot/initramfs-$(uname -r).img $(uname -r)How to move stale computers in Active Directory to DisabledComputers OU
Create your DisabledComputers OU.
Copy and save the following script as DisabledAged.ps1
*******
#Import AD module
Import-Module ActiveDirectory
$ErrorActionPreference = “SilentlyContinue”
$searchbase = “DC=domain,DC=local”
$EntGroups = “OU=Computers,DC=domain,DC=local”
$groups = Get-ADGroup -Properties Name -Filter * -searchbase $EntGroups
$inactiveOU = “OU=DisabledComputers,DC=domain,DC=local”
$Days = (Get-Date).AddDays(-180)
$computers = Get-ADComputer -Properties * -Filter {LastLogonDate -lt $Days} -SearchBase $searchbase
$DisabledComps = Get-ADComputer -Properties Name,Enabled,LastLogonDate -Filter {(Enabled -eq “False” -and LastLogonDate -lt $Days)} -SearchBase $inactiveOU
#Move inactive computer accounts to your inactive OU
foreach ($computer in $computers) {
echo $computer
Set-ADComputer $computer -Location $computer.LastLogonDate | Set-ADComputer $computer -Enabled $false
Move-ADObject -Identity $computer.ObjectGUID -TargetPath $inactiveOU
#Remove group memberships
foreach ($group in $groups) {
Remove-ADGroupMember -Identity $group -Members $computer.ObjectGUID -Confirm:$false
}
}
#Optionally remove stale computer objects from AD
#Remove stale computer accounts older than 365 days
#$RemoveStale = Get-ADComputer -Filter * -SearchBase $DisabledComps | Where-Object {$_.Location -gt (Get-Date).AddDays(-365) -and $_.Location -lt (Get-Date).AddDays(-180)}
#$RemoveStale | Remove-ADObject
*****
Run change DC=domain,DC=local to your domain and run the script.
How to get stale computers from Active Directory
Copy the text below:
*****
$DaysInactive = 90
$time = (Get-Date).Adddays(-($DaysInactive))
Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -ResultPageSize 2000 -resultSetSize $null -Properties Name,
OperatingSystem, SamAccountName, DistinguishedName | Export-CSV “C:\StaleComps.CSV” –NoTypeInformation
*****
Save as stale.ps1 then run from Powershell
If you receive the following error:
The term ‘Get-ADComputer’ is not recognized as the name of a cmdlet, function, script file, or operable program.
Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\super\desktop\Aged.ps1:5 char:15
+ Get-ADComputer <<<< -Filter {LastLogonTimeStamp -lt $time} -ResultPageSize 2000 -resultSetSize $null -Properties
Nam
e, OperatingSystem, SamAccountName, DistinguishedName | Export-CSV “C:\StaleComps.CSV” -NoTypeInformation
+ CategoryInfo : ObjectNotFound: (Get-ADComputer:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Run this command:
PS C:\Users\super\desktop> import-module activedirectory
If you receive a message concerning unsigned code, Set Execution Policy:
PS C:\> Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
How to find Active Directory Search Base
To find out your user and group base DN, you can run a query from any member server on your Windows domain.
To find the User Base DN:
– Open a Windows command prompt.
– Type the command: dsquery user -name <known username>
(Example: If I were searching for all users named John, I could enter the username as John* to get a list of all users who’s name is John)
– The result will look like: “CN=John.Smith,CN=Users,DC=MyDomain,DC=com”
– In Blue Coat Reporter’s LDAP/Directory settings, when asked for a User Base DN, you would enter: CN=Users,DC=MyDomain,DC=com
To find the Group Base DN:
– Open a Windows command prompt
– Type the command: dsquery group -name <known group name>.
(Example: If I were searching for a group called Users, I could enter the group name as Users* to get a list of all groups who’s name contains “Users”)
– The result will look like: “CN=Users,CN=Builtin,DC=MyDomain,DC=com”
– In Blue Coat Reporter’s LDAP/Directory settings, when asked for a User Base DN, you would enter: CN=Users,CN=Builtin,DC=MyDomain,DC=com.
Syncback on Server 2012 as scheduled task doesn’t run
User Rights
You should also make sure the user account has the necessary Windows user rights. To do this, run the Local Security Policy control panel applet (in the Administrative Tools section of the control panel). If you are using the home version of Windows then you may not have access to the Local Security Policy control panel applet (Microsoft have removed the feature from home versions of Windows).
Make sure that the user account has the following user rights:
- Act as part of the operating system
- Log on as a batch job
- Log on as a service
Make sure the user account is not listed in the following user rights:
- Deny logon as a batch job
- Deny logon as a service
Setup network on Hyper-V virtual CentOS 6
Use system-config-network-tui and set up the card. If you perform a failover, you must connect the card in Hyper-V and then configure the card again.
If it does not come up, look in /etc/udev/rules.d/70-persistant-net.rules and see which “ethX” interface has the correct mac address. Either rename your ifcfg-ethx file in /etc/sysconfig/network-scripts or use system-config-network-tui to setup the correct “ethX” interface and restart the network.
How to check Hyper-V replication status automatically
Copy and paste the following into a text file and save as c:\checkrep.ps1.
*****************************************************************
Add-PSSnapin Microsoft.Exchange.Management.Powershell.Admin -erroraction silentlyContinue
##### Configuration Section Starts #####
$SMTPName = “mail.ncol.net”
$EmailMessage = new-object Net.Mail.MailMessage
$SMTPServer = new-object Net.Mail.SmtpClient($SMTPName)
$EmailMessage.From = “admin@domain.com”
$EmailMessage.To.Add(“techsupp@ncol.net”)
#$EmailMessage.To.Add(“9197021111@vtext.com”)
##### Configuration Section Ends#####
#Build a nice file name
$date = get-date -Format M_d_yyyy_hh_mm_ss
$csvfile = “.\AllAttentionRequiringVMs_”+$date+”.csv”
#Build the header row for the CSV file
$csv = “VM Name, Date, Server, Message `r`n”
#Find all VMs that require your attention
$VMList = get-vm | where {$_.ReplicationHealth -eq “Critical” -or $_.ReplicationHealth -eq “Warning”}
#Loop through each VM to get the corresponding events
ForEach ($VM in $VMList)
{
$VMReplStats = $VM | Measure-VMReplication
#We should start getting events after last successful replication. Till then replication was happening.
$FromDate = $VMReplStats.LastReplicationTime
#This string will filter for events for the current VM only
$FilterString = “<QueryList><Query Id=’0′ Path=’Microsoft-Windows-Hyper-V-VMMS-Admin’><Select Path=’Microsoft-Windows-Hyper-V-VMMS-Admin’>*[UserData[VmlEventLog[(VmId='” + $VM.ID + “‘)]]]</Select></Query></QueryList>”
$EventList = Get-WinEvent -FilterXML $FilterString | Where {$_.TimeCreated -ge $FromDate -and $_.LevelDisplayName -eq “Error”} | Select -Last 3
#Dump relevant information to the CSV file
foreach ($Event in $EventList)
{
If ($VM.ReplicationMode -eq “Primary”)
{
$Server = $VMReplStats.PrimaryServerName
}
Else
{
$Server = $VMReplStats.ReplicaServerName
}
$csv +=$VM.Name + “,” + $Event.TimeCreated + “,” + $Server + “,” + $Event.Message +”`r`n”
}
}
#Create a file and dump all information in CSV format
$fso = new-object -comobject scripting.filesystemobject
$file = $fso.CreateTextFile($csvfile,$true)
$file.write($csv)
$file.close()
#If there are VMs in critical health state, send an email to me and my colleague
If ($VMList -and $csv.Length -gt 33)
{
$Attachment = new-object Net.Mail.Attachment($csvfile)
$EmailMessage.Subject = “[ATTENTION] Replication requires your attention!”
$EmailMessage.Body = “The report is attached.”
$EmailMessage.Attachments.Add($Attachment)
$SMTPServer.Send($EmailMessage)
$Attachment.Dispose()
}
Else
{
$EmailMessage.Subject = “[NORMAL] All VMs replicating Normally!”
$EmailMessage.Body = “All VMs are replicating normally. No further action is required at this point.”
$SMTPServer.Send($EmailMessage)
}
*****************************************************************
Change the relevant email information at the beginning of the document.
Now open Task Scheduler.
Create a Basic Task. Name it Check Replication. Next.
Set the Trigger to the frequency you want the script to run. Next.
Set the Action to Start A Program. Next.
Enter powershell.exe in the Program box.
Enter c:\checkrep.ps1 in the Add Arguments box.
Enter c:\ in the Start In box. Next.
Open the properties of the Task and on the General tab select “Run whether user is logged in or not” and “Run with the highest privileges”.
******************************************************************
If you receive an error:
“Your script is blocked from executing due to the execution policy.”
You need to set it on the client PC to Unrestricted. You can do that by calling Invoke with
Set-ExecutionPolicy Unrestricted
within Windows Powershell (x86) app.
Examples of Phishing emails that could contain Ransomware
The FS-ISAC, or the Financial Services Information Sharing and Analysis Center, is the global financial industry’s go to resource for cyber and physical threat intelligence analysis and sharing. FS-ISAC is unique in that it was created by and for members and operates as a member-owned non profit entity.
Here are some examples of phishing emails that member banks have received over the past few days. I’m sending them to you to familiarize you with the types of emails that you might receive. If you DO receive any emails that appear suspicious, PLEASE notify the helpdesk, or Bill or myself. Thank you.
YOU HAVE A PACKAGE WITH DHL – DHL / Adobe Themed Phishing Email
An FS-ISAC member reported receiving a phishing e-mail purporting to be from DHL with the subject “YOU HAVE A PACKAGE WITH DHL”, containing a .pdf file attachment with an embedded URL that leads to an Adobe Online-themed credential harvesting site.
Important Account Notification – Capital One-Themed Phishing E-mail
An FS-ISAC member reported receiving a phishing e-mail purporting to be from Capital One with subject “Important Account Notification”, containing an embedded URL.
Closing Settlement Disclosure – Google Docs-Themed Phishing Email
An FS-ISAC member reported receiving a phishing e-mail with the subject “Helmsmortgage spreedsheet”, containing a .pdf file attachment with an embedded URL that leads to a Google Docs-themed credential harvesting site.
Electronic Shipping Documents Now Ready – NanoCore-RAT Phishing Email
An FS-ISAC member reported receiving a phishing e-mail with the subject “Electronic Shipping Documents Now Ready”, containing a malicious .ace file attachment that leads to Nanocore – Remote Access Trojan.
Inv <#####> – Ursnif Phishing Emails
An FS-ISAC member reported receiving phishing e-mails with subject lines in the following format: “Inv <#####>”, containing a malicious .docx file attachment that leads to Ursnif malware.
Your Email Will Be Blocked. – Webmail-themed Phishing E-mail
An FS-ISAC member reported receiving phishing e-mails with the subject line “Your Email Will Be Blocked.”, containing an embedded URL that leads to a Webmail-themed credential harvesting site.
the exorcists list – Phishing E-mail
An FS-ISAC member reported receiving a phishing e-mail with the subject “the exorcists list” containing a suspicious .doc file attachement and URLs.
Re:invoice – Phishing E-mail
An FS-ISAC member reported receiving a phishing e-mail with the subject “Re:invoice”, containing a malicious .ace file attachment that leads to a Trojan.
Total messages: 23 – Phishing E-mail
An FS-ISAC member reported observing a phishing email with the subject “Total messages: 23” containing a malicious URL.
MyFax message from “<COMPANY NAME>” – 4 page(s), Caller-ID: 1-516-799-6300″ – Adwind – RAT Phishing E-mail
FS-ISAC members reported receiving phishing e-mails with the subject “MyFax message from “<COMPANY NAME>” – 4 page(s), Caller-ID: 1-516-799-6300″ containing a malicious .zip file attachment that leads to the Adwind – Remote Access Trojan.
Complaint Letter – AutoIT Wrapped-Trojan Phishing Email
An FS-ISAC member received a phishing e-mail with the subject “Complaint Letter”, containing a malicious .zip file attachment that leads to AutoIT Wrapped – Trojan.
How to configure an internal relay connector for Exchange 2013
Go to the webpage of the exchange management page (https://exchangeserver/ecp)
Go to the Mail flow > Receive Connectors > + for add a new connector.
Enter a name for the connector. If you want to relay outside your organization than you need to select Frontend Transport role instead of the Hub Transport role.
Leave the setting below unchanged.
Remove the IP address which are shown in the picture below.
You get an error that the field is required. (click on the + to add a new range)
Enter a single IP address or a local LAN address which is allowed to email via the exchange server.
The remote network settings will show the list like below.
When clicked on finished. You have to edit the relay connector and go to security tab.
Select the option “Anonymous users”.
Click on Save..
Now you have to open a powershell CLI of exchange on the exchange server ( with administrative rights ).
Get-ReceiveConnector “Receive Connector Name” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “Ms-Exch-SMTP-Accept-Any-Recipient”
Exchange 2013 mailbox move stuck at StatusDetail FailedOther
You have to remove the current move request and resubmit:
Remove-MoveRequest -Identity userID
New-MoveRequest -Identity “userID” -TargetDatabase “Mailbox Database 0422167200” -BatchName “userID” -BadItemLimit “200”
Cisco ASA Port Forwarding
Create and add your ports:
object-group service TEST tcp
port-object eq 443
Now create an access-list:
access-list outside_access_in extended permit tcp any interface outside object-group TEST
Create a static PAT mapping:
static (inside,outside) tcp interface 443 192.168.4.200 443 netmask 255.255.255.255
Create the access-group:
access-group outside_access_in in interface outside
ERROR: unable to reserve port 443 for static PAT
The issue here is that the http service on the ASA is runnnig off of the standard port 80. Login to the firewall and run the following.
no http server enable
http server enable 8080
Now you should be able to add a NAT/PAT on port 443 to another server of your liking. Just remember when you attempt to use ASDM to manage the ASA in the future to specify the new port 8080.
How to find and remove a Service on Server 2008, 2012 and 2016
Run command prompt as Administrator
Find the keyname with “sc getkeyname”:
C:\Users\administrator.LOCAL>sc getkeyname “Atlassian JIRA”
[SC] GetServiceKeyName SUCCESS
Name = JIRASoftware151216105308
Now delete the key using:
C:\Users\administrator.LOCAL>sc delete “JIRASoftware151216105308”
How to add a route to IPCop
You can add the route command at the end of the /etc/rc.d/rc.local file. The route will be added every time IPCop is rebooted but not everytime the interface is restarted. Good for a box with minimal changes.
root@ipcop: # echo “route add -net 10.10.0.0 gw 10.1.0.1 netmask 255.255.0.0” >> /etc/rc.d/rc.local
SCP files from one linux host to another
su – temp
scp /home/.sites/temp/html/* temp@lamp4.ncol.net:/home/.sites/temp/html/
Active Partition Recovery
Accidentally deleted some files or even a partition? Has your data been lost due to a formatted drive? You will be able to retrieve pictures, music, movies and document files even if your drive letter has disappeared from the computer and need to get back all the files that resided there. Lsoft has several solutions to recover that very important data of yours: Active@ File Recovery,Active@ UNDELETE, Active@ Partition Recovery.
Active Partition Recovery
How to enable Zero-Handoff on Unifi
– For Zero Handoff Roaming, you’ll need to install the UniFi controller version after v3.1.x
– Next setup a new WLAN Group by navigating Settings > Wireless Networks
– Next add a new WLAN Group by click the ì+î. Now give a name and Enabled Zero-handoff to make your roaming WLAN Group.
– Finally just add the access points you want to participate in this roaming group to this WLAN Group and it should then work fine.
– After initial setup, the UAPs handles Zero Handoff Roaming, so it works independently of the UniFi Controller software.
UniFi – Run the controller as a Windows service
Readers will learn how to run the Ubiquiti UniFi controller software as a Windows service.
Windows services are often useful since they are “background” applications which don’t require any attention on the part of the end-user. In this way, the service will launch upon startup, without any intervention on the part of the user.
https://help.ubnt.com/hc/en-us/articles/205144550-UniFi-Run-the-controller-as-a-Windows-service
Or
1. Close any instances of the UniFi software on the computer. If the UniFi Network Controller was just installed, make sure to open the controller software manually at least once, or let it run at the end of the wizard. Once you see the message UniFi Controller (a.b.c) started, the controller may be closed.
2. Launch the Command Prompt as an Administrator. On Windows 10 this would entail right-clicking and selecting “Run as administrator”. Please see Windows documentation to identify the appropriate method for your specific Windows version.
3. Change directory to the location of UniFi in the computer using the following command (exactly as it is here, no need to substitute anything):
cd "%UserProfile%\Ubiquiti UniFi\"
4. Once in the root of the UniFi folder, issue the following command to install the UniFi Network Controller service:
java -jar lib\ace.jar installsvc
5. Once you’re at a new command prompt line, after it says “Complete Installation…”, issue the following:
java -jar lib\ace.jar startsvc
6. Close the command prompt window either by entering the exit command, or clicking the X.
7. To access the UniFi Network Controller now open a browser and go to https://localhost:8443. Alternatively, the desired interface IP, or FQDN that is mapped to that host (in place of “localhost”) may be used.
How to completely reset a Ubiquiti AP-LR.
To reset the UniFi APs, power them on, and allow them to fully boot. (In case powered by the POE adapter, make sure the cable on the LAN port of the adaptor is unplugged.)
After they’ve booted, press and hold the small reset button (located on the back of the device) for 25+ seconds.
Wait for stable Amber/White LED.(Now replug the cable into the LAN port of the adaptor)
This should reset the UniFi APs and put them back into a discoverable state again.
How to setup Zero Handoff on Ubiquiti Unifi.
UniFi has always supported roaming according to base 802.11 standards. However with Zero-Handoff Roaming enabled, clients can freely roam between UAPs without incurring any latency penalty as a result of the roam. The basic premise is Zero-Handoff enabled UAPs appear as a single AP from the perspective of the client, thus eliminating disconnection.
Zero-Handoff Roaming is available starting with v3.x.
https://help.ubnt.com/hc/en-us/articles/205144590-UniFi-What-is-Zero-Handoff-
How to setup static PAT (port forwarding) on a Cisco ASA 5505 8.2
If you are going to forward multiple ports, setup an object-group similar to the following:
object-group service DVR tcp
port-object eq 10554
port-object eq 8000
port-object eq 81
Then add your access-list:
access-list outside_access_in extended permit tcp any interface outside object-group DVR
Then add your static PAT statements for the services in your object-group:
static (inside,outside) tcp interface 8000 192.168.5.202 8000 netmask 255.255.255.255
static (inside,outside) tcp interface 10554 192.168.5.202 10554 netmask 255.255.255.255
static (inside,outside) tcp interface 81 192.168.5.202 81 netmask 255.255.255.255
Then add your access-group statement:
access-group outside_access_in in interface outside
I want to make a backup or copy of my VMware virtual machine. What is the best way to do so?
Answer
To make a backup copy of a virtual machine created with VMware, just copy the folder to another location. When you power on the copy (open the VM), you will be asked if you have moved the virtual machine or copied it. Select that you “Moved It”. This will keep all of the settings the same. If you select the “Copied It” option, a new UUID and MAC address will be generated, which could cause Windows Activation to come up and can also cause Linux machines to have problems with the Ethernet devices.
You will not be able to use a backed-up virtual machine at the same time as the original because you will have a MAC Address conflict on your network. If you need to be able to run the backed-up virtual machine at the same time as the original, you should make a copy using the “Copied It” option.
Perform a full backup on Exchange to purge logs
1. Open Command prompt as Administrator
2. Launch Diskshadow
A.Add volume d:
B.(optional, add one line for each additional drive to include) Add volume X:
C.Begin Backup
D.Create
E.End Backup
3. At this step you should notice the following events in the application log indicating that the backup was indeed successful and logs will now be deleted.
Here’s some screenshots from the process:
Command prompt
Event Log
Backup all SQL Databases at once
Problem
Sometimes things that seem complicated are much easier then you think and this is the power of using T-SQL to take care of repetitive tasks. One of these tasks may be the need to backup all databases on your server. This is not a big deal if you have a handful of databases, but I have seen several servers where there are 100+ databases on the same instance of SQL Server. You could use SQL Server Management Studio to backup the databases or even use Maintenance Plans, but using T-SQL is a much simpler and faster approach.
Solution
With the use of T-SQL you can generate your backup commands and with the use of cursors you can cursor through all of your databases to back them up one by one. This is a very straight forward process and you only need a handful of commands to do this.
Here is the script that will allow you to backup each database within your instance of SQL Server. You will need to change the @path to the appropriate backup directory.
File Naming Format DBname_YYYYDDMM.BAK
DECLARE @name VARCHAR(50) — database name
DECLARE @path VARCHAR(256) — path for backup files
DECLARE @fileName VARCHAR(256) — filename for backup
DECLARE @fileDate VARCHAR(20) — used for file name
— specify database backup directory
SET @path = ‘C:\Backup\’
— specify filename format
SELECT @fileDate = CONVERT(VARCHAR(20),GETDATE(),112)
DECLARE db_cursor CURSOR FOR
SELECT name
FROM master.dbo.sysdatabases
WHERE name NOT IN (‘master’,’model’,’msdb’,’tempdb’) — exclude these databases
OPEN db_cursor
FETCH NEXT FROM db_cursor INTO @name
WHILE @@FETCH_STATUS = 0
BEGIN
SET @fileName = @path + @name + ‘_’ + @fileDate + ‘.BAK’
BACKUP DATABASE @name TO DISK = @fileName
FETCH NEXT FROM db_cursor INTO @name
END
CLOSE db_cursor
DEALLOCATE db_cursor
File Naming Format DBname_YYYYDDMM_HHMMSS.BAK
If you want to also include the time in the filename you can replace this line in the above script:
— specify filename format
SELECT @fileDate = CONVERT(VARCHAR(20),GETDATE(),112)
with this line:
— specify filename format
SELECT @fileDate = CONVERT(VARCHAR(20),GETDATE(),112) + REPLACE(CONVERT(VARCHAR(20),GETDATE(),108),’:’,”)
Notes
In this script we are bypassing the system databases, but these could easily be included as well. You could also change this into a stored procedure and pass in a database name or if left NULL it backups all databases. Any way you choose to use it, this script gives you the starting point to simply backup all of your databases.